Edit tour

Windows Analysis Report
https://www.lodop.net/

Overview

General Information

Sample URL:	https://www.lodop.net/
Analysis ID:	1544574
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,7651591374068356554,12617634830173413571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.lodop.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.lodop.net/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 111.45.3.198:443 -> 192.168.2.8:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.8:60261 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.8:60252 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/main.css HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/prettify.css HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /css/default.css HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /push_tongji.js HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/logo.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hm.js?0cb508d79cf9b362fbfe253f23da969d HTTP/1.1Host: hm.baidu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hm.js?f77310fb1e9bd277ac94694a069bd4e9 HTTP/1.1Host: hm.baidu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/inner_top_middle.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/inner_top_bg.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /push_tongji.js HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/list_point.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/inner_top.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/body_bg.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/sina.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/logo.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/inner_top_middle.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/inner_top_bg.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/qq.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/header_common.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/body_bg.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/header_middle.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=132588249&si=0cb508d79cf9b362fbfe253f23da969d&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99 HTTP/1.1Host: hm.baidu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086
Source: global traffic	HTTP traffic detected: GET /png/inner_slider_bg.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /png/sina.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/qq.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/header_common.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/body_bottom.png HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=1979009764&si=f77310fb1e9bd277ac94694a069bd4e9&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99 HTTP/1.1Host: hm.baidu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086
Source: global traffic	HTTP traffic detected: GET /png/header_middle.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/inner_slider_bg.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.lodop.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.lodop.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /png/body_bottom.png HTTP/1.1Host: www.lodop.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
Source: global traffic	HTTP traffic detected: GET /hm.js?f77310fb1e9bd277ac94694a069bd4e9 HTTP/1.1Host: hm.baidu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: www.lodop.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: hm.baidu.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/7.5Date: Tue, 29 Oct 2024 14:37:58 GMTConnection: closeContent-Length: 5092
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/7.5Date: Tue, 29 Oct 2024 14:37:59 GMTConnection: closeContent-Length: 5090
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/7.5Date: Tue, 29 Oct 2024 14:38:09 GMTConnection: closeContent-Length: 5078

Source: chromecache_94.2.dr	String found in binary or memory: http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion=
Source: chromecache_83.2.dr, chromecache_99.2.dr	String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: chromecache_94.2.dr	String found in binary or memory: http://t.qq.com/mtsoftware
Source: chromecache_80.2.dr, chromecache_101.2.dr	String found in binary or memory: http://tongji.baidu.com/hm-web/welcome/ico
Source: chromecache_94.2.dr	String found in binary or memory: http://weibo.com/u/1914599397
Source: chromecache_94.2.dr	String found in binary or memory: https://beian.miit.gov.cn
Source: chromecache_80.2.dr, chromecache_101.2.dr	String found in binary or memory: https://fclog.baidu.com/log/ocpcagl?type=behavior&emd=euc
Source: chromecache_80.2.dr, chromecache_101.2.dr	String found in binary or memory: https://goutong.baidu.com/site/
Source: chromecache_83.2.dr, chromecache_99.2.dr	String found in binary or memory: https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d
Source: chromecache_83.2.dr, chromecache_99.2.dr	String found in binary or memory: https://hm.baidu.com/hm.js?f77310fb1e9bd277ac94694a069bd4e9
Source: chromecache_80.2.dr, chromecache_101.2.dr	String found in binary or memory: https://hmcdn.baidu.com/static
Source: chromecache_80.2.dr, chromecache_101.2.dr	String found in binary or memory: https://hmcdn.baidu.com/static/tongji/plugins/
Source: chromecache_97.2.dr	String found in binary or memory: https://www.lodop.net:443/favicon.ico
Source: chromecache_98.2.dr	String found in binary or memory: https://www.lodop.net:443/png/inner_top.png
Source: chromecache_78.2.dr	String found in binary or memory: https://www.lodop.net:443/png/list_point.png

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60260
Source: unknown	Network traffic detected: HTTP traffic on port 60283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60257
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60254
Source: unknown	Network traffic detected: HTTP traffic on port 60263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60253
Source: unknown	Network traffic detected: HTTP traffic on port 60286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 60297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60271
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60270
Source: unknown	Network traffic detected: HTTP traffic on port 60280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60264
Source: unknown	Network traffic detected: HTTP traffic on port 60266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60261
Source: unknown	Network traffic detected: HTTP traffic on port 60294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60269
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 60275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60280
Source: unknown	Network traffic detected: HTTP traffic on port 60281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60274
Source: unknown	Network traffic detected: HTTP traffic on port 60284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 60255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60293
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60290
Source: unknown	Network traffic detected: HTTP traffic on port 60261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60288
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60285
Source: unknown	Network traffic detected: HTTP traffic on port 60292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60284
Source: unknown	Network traffic detected: HTTP traffic on port 60289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60297
Source: unknown	Network traffic detected: HTTP traffic on port 60267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60294
Source: unknown	Network traffic detected: HTTP traffic on port 60270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 60282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 60271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 60254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 111.45.3.198:443 -> 192.168.2.8:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.8:60261 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/63@12/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,7651591374068356554,12617634830173413571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.lodop.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,7651591374068356554,12617634830173413571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www.lodop.net	123.57.208.27	true	false	unknown
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
hm.e.shifen.com	14.215.183.79	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.202.1	true	false	unknown
hm.baidu.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.lodop.net/css/default.css	false	unknown
https://www.lodop.net/png/inner_top_bg.png	false	unknown
https://www.lodop.net/png/qq.png	false	unknown
https://www.lodop.net/css/main.css	false	unknown
https://www.lodop.net/png/logo.png	false	unknown
https://hm.baidu.com/hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=132588249&si=0cb508d79cf9b362fbfe253f23da969d&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99	false	unknown
https://www.lodop.net/png/body_bottom.png	false	unknown
https://www.lodop.net/	false	unknown
https://hm.baidu.com/hm.js?f77310fb1e9bd277ac94694a069bd4e9	false	unknown
https://www.lodop.net/png/inner_top_middle.png	false	unknown
https://www.lodop.net/png/body_bg.png	false	unknown
https://www.lodop.net/png/inner_slider_bg.png	false	unknown
https://hm.baidu.com/hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=1979009764&si=f77310fb1e9bd277ac94694a069bd4e9&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99	false	unknown
https://www.lodop.net/png/list_point.png	false	unknown
https://www.lodop.net/png/sina.png	false	unknown
https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d	false	unknown
https://www.lodop.net/favicon.ico	false	unknown
https://www.lodop.net/css/prettify.css	false	unknown
https://www.lodop.net/png/inner_top.png	false	unknown
https://www.lodop.net/png/header_middle.png	false	unknown
https://www.lodop.net/push_tongji.js	false	unknown
https://www.lodop.net/png/header_common.png	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://goutong.baidu.com/site/	chromecache_80.2.dr, chromecache_101.2.dr	false	unknown
https://beian.miit.gov.cn	chromecache_94.2.dr	false	unknown
https://www.lodop.net:443/favicon.ico	chromecache_97.2.dr	false	unknown
https://www.lodop.net:443/png/inner_top.png	chromecache_98.2.dr	false	unknown
https://www.lodop.net:443/png/list_point.png	chromecache_78.2.dr	false	unknown
https://hmcdn.baidu.com/static/tongji/plugins/	chromecache_80.2.dr, chromecache_101.2.dr	false	unknown
https://fclog.baidu.com/log/ocpcagl?type=behavior&emd=euc	chromecache_80.2.dr, chromecache_101.2.dr	false	unknown
http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion=	chromecache_94.2.dr	false	unknown
http://push.zhanzhang.baidu.com/push.js	chromecache_83.2.dr, chromecache_99.2.dr	false	unknown
https://hmcdn.baidu.com/static	chromecache_80.2.dr, chromecache_101.2.dr	false	unknown
http://t.qq.com/mtsoftware	chromecache_94.2.dr	false	unknown
http://weibo.com/u/1914599397	chromecache_94.2.dr	false	unknown
http://tongji.baidu.com/hm-web/welcome/ico	chromecache_80.2.dr, chromecache_101.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
111.45.3.198	unknown	China	56040	CMNET-GUANGDONG-APChinaMobilecommunicationscorporation	false
123.57.208.27	www.lodop.net	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
14.215.183.79	hm.e.shifen.com	China	58466	CT-GUANGZHOU-IDCCHINANETGuangdongprovincenetworkCN	false

Private

IP
192.168.2.8
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544574
Start date and time:	2024-10-29 15:36:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.lodop.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/63@12/8

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.206.84, 216.58.206.35, 142.250.186.35, 142.250.185.142, 142.250.185.110, 142.251.173.84, 34.104.35.123, 20.12.23.50, 87.248.202.1, 192.229.221.95, 20.3.187.198, 40.69.42.241, 52.165.164.15, 131.107.255.255, 172.217.16.195, 199.232.210.172
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://www.lodop.net/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.984653222464348
Encrypted:	false
SSDEEP:	48:8p0dmTCqeHnidAKZdA1oehwiZUklqehny+3:8ph/TUy
MD5:	ECF470AA70FED14B4CD4B48B7DA162C0
SHA1:	E2D3F620F092FBBDD92432229D32D585D3485170
SHA-256:	E3037E65E7ADF57F05B11855A6C23C4F45A6AA8E50AE8742640E297F5706EC13
SHA-512:	B956F8F6C630A586E7F5BDAC1A452D9B0CCA56B7804B3A6E28C8B61B8A54B55DF2AA3FECDE748528D68CD4EC2857403348CB758052F3FE8A3FC9A318C623D68C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.999395983583274
Encrypted:	false
SSDEEP:	48:8U0dmTCqeHnidAKZdA1leh/iZUkAQkqehEy+2:8Uh/h9QVy
MD5:	1289DDA39088F88A87F0C42D2DB81F8C
SHA1:	515C5E7F5F675C10693133C2784653991C89B976
SHA-256:	D6DAB707CA23CDFEE40F3578123C0859258B79266CF9D13CBEC43367025F9693
SHA-512:	A93D8515A7111FCF06ED7777BF904B3A39A08C200E402DADB74AF0339F289AE054C02476258BE4F68A5E0CF2372FAA67445D83CB0176267A7A0CA1B4E5173E0D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.007576380441058
Encrypted:	false
SSDEEP:	48:8f0dmTCqbHnidAKZdA14t5eh7sFiZUkmgqeh7sqy+BX:8fh/2nwy
MD5:	0EE3F3ACDFA337B0846182863D291E21
SHA1:	AC60CC3C00BCEA3723AB94A0E1C2D712661EF913
SHA-256:	09E932E49F7F399A4A34F1AED632216574DBA443B581CD10D0E5BAA2F34A78B2
SHA-512:	C29F194B176C9CE89871D9421DB98B120A9EC0D1A21C0F848D6F78669275510F1F4BAB28F3729FF793D79ECD22B36AEAF63A57B9019C769384567895D3778E7E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.995459201486995
Encrypted:	false
SSDEEP:	48:8m0dmTCqeHnidAKZdA16ehDiZUkwqehIy+R:8mh/Siy
MD5:	0290B1CB7716AAEC0956D6E0B18F0A29
SHA1:	6D921504AF84ED2F31A683424740E1CDE9CC02B7
SHA-256:	DC375B7083BDF10CF7440477C011D3A018E18EDB721B41E6DF6BAA452D565CAB
SHA-512:	C81AC09DDF2A5166B17C7E104EA106B02DEE6F39B8A28E9EA866895FA28347AD10945E3EC5B38480FE91C390C5B077D52957F00E21EC641991A9AD94072D4014
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.986364542746016
Encrypted:	false
SSDEEP:	48:8L0dmTCqeHnidAKZdA1UehBiZUk1W1qehGy+C:8Lh/i9my
MD5:	DB5A979D221A3A3968A2050B7760553D
SHA1:	6D9D35C76DAE06BDB576CCDEDC11203CCCB7AB6A
SHA-256:	01E1FE6C7EDA1FAB48B7F3905FBEF62BB3EBCE175A8E0E60F90E82D8722B53D8
SHA-512:	2B8A90DDB0E4C0C024ADC1AD652EB989EF3206F774E96326723BF8CE7B30A3EB73C4AA2FB5BA94BCB9D3BDD605E2E0188032C8E75298D769BC5DCE7223509E51
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....T/.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 13:37:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.996064605542503
Encrypted:	false
SSDEEP:	48:8HSP0dmTCqeHnidAKZdA1duTrehOuTbbiZUk5OjqehOuTbwy+yT+:8HCh/jTYTbxWOvTbwy7T
MD5:	FE9146CF639E80F50DFCC122DC911A27
SHA1:	79C9202CE46BC907F807FF3E5697BF2EDA52BAFE
SHA-256:	55068E225950AD2AB1BD12C071896A5ACC82E02667F63A8CC49D2FA4B382F16A
SHA-512:	8EDD7C7FEF9191336366A26ACFB7FEF91ED9178E78D274F19C149842A10357442EB75105D2D926194D0696BD2A9AB2C44FC121835B7214D797716E6A4B92207D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y.t....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.v.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 39 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2397
Entropy (8bit):	7.5299862618929385
Encrypted:	false
SSDEEP:	48:EnitvnLuB0J3QYadvyfRjDpB8yUbdF05BAMHcDlz:xIuadKfRj9B4dF05ZHa
MD5:	7DA3422AFD686D119D10CC8DDDBA2403
SHA1:	D953ACA97A4836B8DFDC7333ECEF786A99B24A0E
SHA-256:	114A693035014C5BBE8E7D8FAAF5B097476AF471CCEA8EADB4868F5D547C07ED
SHA-512:	9E7CB82950576C0F0869BD5E8F6EFCB88D6E9BB7E38AFD1966F54987656FA35829D8DEFD9CE84DC9221EF7BFB25087E2A621A7F112DCB5683B8F67E833E47F7C
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/qq.png
Preview:	.PNG........IHDR...'... ......x......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:303B51DA748411E0A1EEA6D00B80EA7C" xmpMM:InstanceID="xmp.iid:303B51D9748411E0A1EEA6D00B80EA7C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7E291B8374E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...E....PLTE.....$v.4~.A..\|....l....~..D........N..

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (622)
Category:	downloaded
Size (bytes):	29898
Entropy (8bit):	5.432758652382726
Encrypted:	false
SSDEEP:	384:YlJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:Yl4VJfHgMdvussZPIx82Rwvutcto07v
MD5:	E951EB4EBB87380ACFAF2E64097A0654
SHA1:	065605DB88E7FCA9ABDBE95A951C79DACE52D666
SHA-256:	A197BD3893E26162D31155364A2E90758C669641486A6546DEC7911EF08A4E93
SHA-512:	6F31656884583CE7199C7A9891BFAD3894B51C739A255D3A8E5AB110C19D7920358C0DDCA18D853A4E1E03BF512D13B3AFA0B435343D33FCAB7CB38C1992F914
Malicious:	false
Reputation:	low
URL:	https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d
Preview:	(function(){var h={},mt={},c={id:"0cb508d79cf9b362fbfe253f23da969d",dm:["lodop.net.cn"],js:"tongji.baidu.com/hm-web/js/",etrk:[],cetrk:[],cptrk:[],icon:'',ctrk:[],vdur:1800000,age:31536000000,qiao:0,pt:0,spa:0,aet:'',hca:'DA7661259EA8C1A9',ab:'0',v:1};var s=void 0,t=!0,u=null,x=!1;mt.cookie={};mt.cookie.set=function(e,a,b){var k;b.C&&(k=new Date,k.setTime(k.getTime()+b.C));document.cookie=e+"="+a+(b.domain?"; domain="+b.domain:"")+(b.path?"; path="+b.path:"")+(k?"; expires="+k.toGMTString():"")+(b.ec?"; secure":"")};mt.cookie.get=function(e){return(e=RegExp("(^\| )"+e+"=([^;]*)(;\|$)").exec(document.cookie))?e[2]:u};.mt.cookie.rb=function(e,a){try{var b="Hm_ck_"+ +new Date;mt.cookie.set(b,"42",{domain:e,path:a,C:s});var k="42"===mt.cookie.get(b)?"1":"0";mt.cookie.set(b,"",{domain:e,path:a,C:-1});return k}catch(d){return"0"}};mt.event={};mt.event.c=function(e,a,b,k){e.addEventListener?e.addEventListener(a,b,k\|\|x):e.attachEvent&&e.attachEvent("on"+a,function(d){b.call(e,d)})};.(function(){

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 35 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2640
Entropy (8bit):	7.55067752204049
Encrypted:	false
SSDEEP:	48:JSZitvnLRsJ0J3QYyEJJfjRBSiG4h5PX+YQ5Ri7nfCyyREy2nBMe:PiJubjRBSiLJ7fo8Bz
MD5:	F64967460B8268F22EBDB7D187E566A4
SHA1:	9B1099F403B7566823962400812B002CA9FD6EFC
SHA-256:	49DEBB18F65B94475E098C281FD6331A536AB522218F9CEBAEB9DFE108729CB1
SHA-512:	F08C52F4CA29B7D50D629C489DC769763A455A67C36527B2DC9A677BDAAAE37F2BB923B3D9C9AF7F56CF2A8A1A759CF0DB628F1470FA89B994AD7BE1879FBB1A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...#... .......1.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:303B51D2748411E0A1EEA6D00B80EA7C" xmpMM:InstanceID="xmp.iid:301F4E3B748411E0A1EEA6D00B80EA7C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7E291B8374E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.L......PLTE......IHH.ST............%&.EIZYY.........

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 1, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1033
Entropy (8bit):	5.931967565251344
Encrypted:	false
SSDEEP:	24:LT1hpunQWwh82lYSKw2WBMVRzT3ZyJ3Vq26YGjk:LZitvnLLz0J3kYx
MD5:	B7D896B6E3312E08AF8918DC33AA033E
SHA1:	DCBD6E8C369F07DD83ABD3CA57BE3C908E763DBA
SHA-256:	2D8E7C146C8E9C60D7FF41D01A47A75259FEB1FBFEF05E317498D03A96756CFD
SHA-512:	E006B4B3048D0E1247ECEA31A68723B64AC5ACCF186C84AADFF329CF14EC881EC0EF473EDA7E72DF1671FB94D38960E6120AE5AAEEBAFC3D471C373A3C5B4670
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............1v......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:1A672EED748311E0AA60CA5A3DB47128" xmpMM:InstanceID="xmp.iid:1A672EEC748311E0AA60CA5A3DB47128" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CF092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>I.......PLTE..................&./....IDATx.b`dbfea...

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	20799
Entropy (8bit):	5.143695452180617
Encrypted:	false
SSDEEP:	192:NysC++NvsCvRjRcbwm+QvM6zHKaV0DRcxcNMzg7mVS341NU+IV7o6kbHI9kGao64:NUZsCvFXQvTKDcqNHOGVVk7I9w0P
MD5:	836069DDD7DED0B595C26813E13D9CB1
SHA1:	CE9B50617AC65FF3DFF5B41FAE74E653A9450CB2
SHA-256:	92E8214B70B20E0A71116CA455BE087194890753499D3FCA236DA19A46F7D01D
SHA-512:	E50E76B6536C1F800DB0709566110249823A51D4666BDB78C8CC03D67E375A459EAF827E5526A723A3F30D6F913BCAA49F7A5CB0A826909E2515FBC622597F41
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/css/default.css
Preview:	/* common /..ke-inline-block {..display: -moz-inline-stack;..display: inline-block;..vertical-align: middle;..zoom: 1;..display: inline;.}..ke-clearfix {..zoom: 1;.}..ke-clearfix:after {..content: ".";..display: block;..clear: both;..font-size: 0;..height: 0;..line-height: 0;..visibility: hidden;.}..ke-shadow {..box-shadow: 1px 1px 3px #A0A0A0;..-moz-box-shadow: 1px 1px 3px #A0A0A0;..-webkit-box-shadow: 1px 1px 3px #A0A0A0;..filter: progid:DXImageTransform.Microsoft.Shadow(color='#A0A0A0', Direction=135, Strength=3);..background-color: #F0F0EE;.}..ke-menu a,..ke-menu a:hover,..ke-dialog a,..ke-dialog a:hover {..color: #337FE5;..text-decoration: none;.}./* icons */..ke-icon-source {..background-position: 0px 0px;..width: 16px;..height: 16px;.}..ke-icon-preview {..background-position: 0px -16px;..width: 16px;..height: 16px;.}..ke-icon-print {..background-position: 0px -32px;..width: 16px;..height: 16px;.}..ke-icon-undo {..background-position: 0px -48px;..width: 16px;..height: 16px;.}..

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 20, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1085
Entropy (8bit):	6.1209287533614285
Encrypted:	false
SSDEEP:	24:P9Is1hpunQWwh82lYSKw2WIEVWT3ZyJ3V626YGPD9oMO7:FtitvnLKQ0J30YGBpc
MD5:	B56D584AD265A41AA5AD6BE795E0D128
SHA1:	61D8BCEE46F49B01BAED9F0B54DBC4422B1ACBFD
SHA-256:	32B884353438E61F2A6C75E523F2C06E69AB5FC045B7492F6AFDF013BDD57FFB
SHA-512:	787A57D1B5B64C76E7DA0C7239E609AB907A33B766C2122A06AC91CE2CA46D4BB3522B81D11A8912025D166C1B19466258200E58629944CB3919F99420EB5069
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/inner_top_bg.png
Preview:	.PNG........IHDR.............{......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:CA362261749011E088CCA4D24F70064C" xmpMM:InstanceID="xmp.iid:CA362260749011E088CCA4D24F70064C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C6092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>2n.....9PLTE+..,..,..,..,....+..+..+..,..1..,.......

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 960 x 84, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6594
Entropy (8bit):	7.8945450770215
Encrypted:	false
SSDEEP:	192:gt5YE8N6RXhVFg+LnZKZuIwUisAWHF+UEWpZfQRo:gtuiBhVFgbZuIw6H8tOmo
MD5:	5A954324EED7B7BA782AA39BDCE2BA02
SHA1:	EBB6256E7C7BF7936C300E2EFF190D558DCB3FE6
SHA-256:	B6A5687B84632C694EFF2539220069305D0A36BCB8DB1FD7AB1E070A65FBF7EA
SHA-512:	D984944D3848CC75422B3DBE434F623BB9AB4448E685C9559CA09AAFC6DF2C3149A3D436A3F8E314AF0A37F7C0C072A6F8E3FBBAE1D5B0AB7C7207AC7FAE6C9F
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/header_middle.png
Preview:	.PNG........IHDR.......T.....z..a....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:D50E9121747A11E0B67DC9CD17DA95E3" xmpMM:InstanceID="xmp.iid:D50E9120747A11E0B67DC9CD17DA95E3" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C9092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Oi.....PLTE..........................................

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:	3:CUMllRPQEsJ9pse:Gl3QEsJLse
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,...........L..;

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:	3:CUMllRPQEsJ9pse:Gl3QEsJLse
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,...........L..;

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 84, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1133
Entropy (8bit):	6.254281423873545
Encrypted:	false
SSDEEP:	24:P6ld1hpunQWwh82lYSKw2WpAVJ0o/T3ZyJ3V326YGgCbOn848:WDitvnLoAUo/0J3xYJIl48
MD5:	D8276CBBF5558F7AA195069F495C2E67
SHA1:	41D72F788301D191174EF4D4BE59C33F304D4DD0
SHA-256:	5499F776D4FF59363FDA59972C5A027E92F363E464D92C29B69157241E8C2A50
SHA-512:	D844EE93C4678D4F2E870CC06D52D995EFD668E4DE9D5FDB60EED1E9D9002886ED1F4CC33E3263A20483A56595E0377742B2545D884023D153879B10498C0C3A
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/header_common.png
Preview:	.PNG........IHDR.......T.....t.......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:D4F8CFB3747A11E0B67DC9CD17DA95E3" xmpMM:InstanceID="xmp.iid:D4F8CFB2747A11E0B67DC9CD17DA95E3" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C9092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...\...KPLTE..........................................

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:	3:CUMllRPQEsJ9pse:Gl3QEsJLse
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Reputation:	low
URL:	https://hm.baidu.com/hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=1979009764&si=f77310fb1e9bd277ac94694a069bd4e9&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99
Preview:	GIF89a.............!.......,...........L..;

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 1, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1033
Entropy (8bit):	5.931967565251344
Encrypted:	false
SSDEEP:	24:LT1hpunQWwh82lYSKw2WBMVRzT3ZyJ3Vq26YGjk:LZitvnLLz0J3kYx
MD5:	B7D896B6E3312E08AF8918DC33AA033E
SHA1:	DCBD6E8C369F07DD83ABD3CA57BE3C908E763DBA
SHA-256:	2D8E7C146C8E9C60D7FF41D01A47A75259FEB1FBFEF05E317498D03A96756CFD
SHA-512:	E006B4B3048D0E1247ECEA31A68723B64AC5ACCF186C84AADFF329CF14EC881EC0EF473EDA7E72DF1671FB94D38960E6120AE5AAEEBAFC3D471C373A3C5B4670
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/body_bg.png
Preview:	.PNG........IHDR.............1v......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:1A672EED748311E0AA60CA5A3DB47128" xmpMM:InstanceID="xmp.iid:1A672EEC748311E0AA60CA5A3DB47128" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CF092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>I.......PLTE..................&./....IDATx.b`dbfea...

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 34, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10742
Entropy (8bit):	7.951426034507597
Encrypted:	false
SSDEEP:	192:6SVnzQz2IKC51JJJ7EFlttIjYRhehh5w/eEL2u3T/on5eK+zUlRy:1RzIKC5smEz/J2YriWAzy
MD5:	629B47F8DE80572401C06A1A1DF3FC12
SHA1:	11ABC48282C9008F2932CD727DF7A134E083C4AD
SHA-256:	E656C71128B1D0DD3B1CA36809C6B407980DA48D2BDE3E5EDEE4DBB98756832F
SHA-512:	EDFCD56384D0C55DA75077C32E5B6B047E7905834D465B3DF6FC88512FC8B76BEBD053842FA9782E95A7F450207E0EA4D5C6E56457B560E655ADA18A60C5F22E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR......."........z....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..)lIDATx.}y............a@YT...QI....{..%(.B"\......vqCM.O6....C/...}.<.......2..3..,=[.Uu..LW[].=3xs..\|.3.U..l.....3....ECc...a/..../p)..?..#F. 8....y........k].f.mll...G?J.......q.5....G...Ku!...m...S.....b......b.K&...C?_.j..h.".\....a..w.}W9..s..2...}!D7...RE..G........!..8....R.E....G....J.n.=...B..pB.. ......2L....4..."$..PJ.!D.!d4.t.."........x............P.....(..v8.!....."...LH...@V;...!..C)-._.`..L;.B.,.8..!..1..I...c..X&.....pXQ.F..s..8...R.T..,..Ro2......!.x.7.!..!..E9.(J.$Iq.0J8.c.c..at.....e9.v.C..h.<.T.J...1.c,.9?...0./.t.$I#dY.H&.7.!z....B\|$I.I......=.A...Z.....D.9......@Q._^9...?+...@ .......?.t.....uuu.z.d.a.Q..O>..c&IR...~?..P($V.\.\.lYW.v&....iX.x.;.HPJ)q....ty<....cI..w....i=....,K..8(..Ji...xV.q.s...ig4M.....E..EqSJeB..(....T*U......9.....Y...R.9.4MK..dY....t:K...ok.2.R..q.v\....r.....t.0.......H.$)...z.E..G....5.....

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	5092
Entropy (8bit):	6.023113437571745
Encrypted:	false
SSDEEP:	96:19F7f9X/bHjKyDdUdx2cUIApHLUpM24KOnylw2FDZppyhwdOt9AG8TYcDm+A0:Fz9XzHjKyDdUdscUZpr8b4KmylbpW9AR
MD5:	864B1F45A78B2D2FCB1A0BD4910DB09B
SHA1:	05793A1B514E979BEEB791D846428DEA04D9C4F0
SHA-256:	3A4A7564DC7F31DA40F7B7ACF5E3803083AB28F98E1B647F9EB33CAB63443217
SHA-512:	E25307E7EE612C8077294F599A6BD76001BA6F1E9F768E96AEB0045A5EC3F3A710BA19B41F10424BA872B29073FE6571694561CACE303F86E39F0AF1330A9CBD
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/list_point.png
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> .<html xmlns="http://www.w3.org/1999/xhtml"> .<head> .<title>IIS 7.5 .... - 404.0 - Not Found</title> .<style type="text/css"> . .body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} .code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} ..config_source code{font-size:.8em;color:#000000;} .pre{margin:0;font-size:1.4em;word-wrap:break-word;} .ul,ol{margin:10px 0 10px 40px;} .ul.first,ol.first{margin-top:5px;} .fieldset{padding:0 15px 10px 15px;} ..summary-container fieldset{padding-bottom:5px;margin-top:4px;} .legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} .legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; . border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; . border-bottom:1px solid #969696;background:#E7ECF0;font-wei

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	938
Entropy (8bit):	4.795752185871939
Encrypted:	false
SSDEEP:	24:Q2VSVYcTGt0o2lSHR3Mts0T6m1WmvpbkU:brcLo20FoBPpkU
MD5:	C15A6099EE5B3756403832FB4BFDD090
SHA1:	4DF3F42CA93B9901822761FF750A6708FFC73E2C
SHA-256:	2188F769B19C26C6419831FDE0F87B43CCA25FA8A5E14922E214EF3F70313F50
SHA-512:	EE0F0C074089563918A4E0B9EBC5C930CA72D2B59121CE105E0CD1436A55F8D405B0E96C79DAF4CF753413646A0C640DABD4AAF209B5444A3D3D1A738892C788
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/css/prettify.css
Preview:	/* Pretty printing styles. Used with prettify.js. */...str { color: #080; }..kwd { color: #008; }..com { color: #800; }..typ { color: #606; }..lit { color: #066; }..pun { color: #660; }..pln { color: #000; }..tag { color: #008; }..atn { color: #606; }..atv { color: #080; }..dec { color: #606; }..pre.prettyprint {. border-left: 3px solid rgb(204, 204, 204);. margin-left: 2em;. padding: 0.5em;. font-size: 110%;. display: block;. font-family: "Consolas", "Monaco", "Bitstream Vera Sans Mono", "Courier New", Courier, monospace !important;. margin: 1em 0px;. white-space: pre;.}..@media print {. .str { color: #060; }. .kwd { color: #006; font-weight: bold; }. .com { color: #600; font-style: italic; }. .typ { color: #404; font-weight: bold; }. .lit { color: #044; }. .pun { color: #440; }. .pln { color: #000; }. .tag { color: #006; font-weight: bold; }. .atn { color: #404; }. .atv { color: #060; }.}.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (621)
Category:	downloaded
Size (bytes):	29897
Entropy (8bit):	5.43333242687928
Encrypted:	false
SSDEEP:	384:opJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:op4VJfHgMdvussZPIx82Rwvutcto07v
MD5:	B50C250066B80DD15DF06B69EF780389
SHA1:	383D80F7497D71296E5E80574C278C892F46BD4A
SHA-256:	B5B29D77D92B61B78B856B3E04E623DBA2568BFD5B3438E448C3069110B849B3
SHA-512:	8C658D96A2A8607661AD6817EA2088731947E19DC259550FC049825BAA9A53A70D772FFE53880162960BA91A525E2968311E93CB51D7D2C5D8FB67F1748C4D97
Malicious:	false
Reputation:	low
URL:	https://hm.baidu.com/hm.js?f77310fb1e9bd277ac94694a069bd4e9
Preview:	(function(){var h={},mt={},c={id:"f77310fb1e9bd277ac94694a069bd4e9",dm:["c-lodop.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],cetrk:[],cptrk:[],icon:'',ctrk:[],vdur:1800000,age:31536000000,qiao:0,pt:0,spa:0,aet:'',hca:'F23A71B5E5FEC086',ab:'0',v:1};var s=void 0,t=!0,u=null,x=!1;mt.cookie={};mt.cookie.set=function(e,a,b){var k;b.C&&(k=new Date,k.setTime(k.getTime()+b.C));document.cookie=e+"="+a+(b.domain?"; domain="+b.domain:"")+(b.path?"; path="+b.path:"")+(k?"; expires="+k.toGMTString():"")+(b.ec?"; secure":"")};mt.cookie.get=function(e){return(e=RegExp("(^\| )"+e+"=([^;]*)(;\|$)").exec(document.cookie))?e[2]:u};.mt.cookie.rb=function(e,a){try{var b="Hm_ck_"+ +new Date;mt.cookie.set(b,"42",{domain:e,path:a,C:s});var k="42"===mt.cookie.get(b)?"1":"0";mt.cookie.set(b,"",{domain:e,path:a,C:-1});return k}catch(d){return"0"}};mt.event={};mt.event.c=function(e,a,b,k){e.addEventListener?e.addEventListener(a,b,k\|\|x):e.attachEvent&&e.attachEvent("on"+a,function(d){b.call(e,d)})};.(function(){v

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 35 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2640
Entropy (8bit):	7.55067752204049
Encrypted:	false
SSDEEP:	48:JSZitvnLRsJ0J3QYyEJJfjRBSiG4h5PX+YQ5Ri7nfCyyREy2nBMe:PiJubjRBSiLJ7fo8Bz
MD5:	F64967460B8268F22EBDB7D187E566A4
SHA1:	9B1099F403B7566823962400812B002CA9FD6EFC
SHA-256:	49DEBB18F65B94475E098C281FD6331A536AB522218F9CEBAEB9DFE108729CB1
SHA-512:	F08C52F4CA29B7D50D629C489DC769763A455A67C36527B2DC9A677BDAAAE37F2BB923B3D9C9AF7F56CF2A8A1A759CF0DB628F1470FA89B994AD7BE1879FBB1A
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/sina.png
Preview:	.PNG........IHDR...#... .......1.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:303B51D2748411E0A1EEA6D00B80EA7C" xmpMM:InstanceID="xmp.iid:301F4E3B748411E0A1EEA6D00B80EA7C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7E291B8374E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.L......PLTE......IHH.ST............%&.EIZYY.........

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 91, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1367
Entropy (8bit):	6.620822224948774
Encrypted:	false
SSDEEP:	24:yVi1hpunQWwh82lYSKw2Wn7CpyVvsNT3ZyJ3V626YGYDCBfiLKKTkWvWM:0gitvnLab+0J30YBOi+YbH
MD5:	B8EA3C6C0BD65BB7185AF9A042877506
SHA1:	472C9A6D579B9A95C666A7FE985207965B522019
SHA-256:	EC7F26FFC96135B475F25EE9B61985150D8BF4D22D90B99DDBD8436077699F91
SHA-512:	0DB8EB637BCF8167357191892F6B8D6D9481B04F8B86159D16DBB4DF35EC371C9EB1B9BC9762F3247AFD89C61716D8D522E069FEF2E2438D5E39BD4D75EF40DE
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/inner_slider_bg.png
Preview:	.PNG........IHDR.......[........*....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:9D10BDDD748F11E0885E935D460E3FC6" xmpMM:InstanceID="xmp.iid:9D10BDDC748F11E0885E935D460E3FC6" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C6092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.}C.....PLTE>..1..............7..#..+..+..%..%..0.....

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	809
Entropy (8bit):	5.206222416888813
Encrypted:	false
SSDEEP:	24:2+uHYPZ3bkRWZQkJG4uHYPNl7rRWZQkJG+QBmvu2V6E9P6RWZCm:2S5kwmIDrwm+Mw/
MD5:	48603D8BB4529D60AFF6FE59D7EC9D81
SHA1:	03EA85FA23C548AA55CEB2747E423F8B2AABAC93
SHA-256:	24DF449B56E25FE55EBFD19F03F5FBC4BD154D04A149690120B3B11CE3B34483
SHA-512:	D311EE7ACD4B3D36BC40A317F7C173C85465546854A85ECF2D551A88E81C692C17B28E3A53C1CFE038DF5DE4B476E1B0552386F015648D64B9804955FD23DE39
Malicious:	false
Reputation:	low
Preview:	..var _hmt = _hmt \|\| [];.....(function() {. ..var hm = document.createElement("script");. ..hm.src = "https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d";. ..var s = document.getElementsByTagName("script")[0]; . ..s.parentNode.insertBefore(hm, s);.})();.......(function() {. ..var hm = document.createElement("script");. ..hm.src = "https://hm.baidu.com/hm.js?f77310fb1e9bd277ac94694a069bd4e9";. ..var s = document.getElementsByTagName("script")[0]; . ..s.parentNode.insertBefore(hm, s);.})();.....(function(){.. var bp = document.createElement('script');.. var curProtocol = window.location.protocol.split(':')[0];.. bp.src = 'http://push.zhanzhang.baidu.com/push.js';.. var s = document.getElementsByTagName("script")[0];.. s.parentNode.insertBefore(bp, s);..})();.. ........

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 960 x 84, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6594
Entropy (8bit):	7.8945450770215
Encrypted:	false
SSDEEP:	192:gt5YE8N6RXhVFg+LnZKZuIwUisAWHF+UEWpZfQRo:gtuiBhVFgbZuIw6H8tOmo
MD5:	5A954324EED7B7BA782AA39BDCE2BA02
SHA1:	EBB6256E7C7BF7936C300E2EFF190D558DCB3FE6
SHA-256:	B6A5687B84632C694EFF2539220069305D0A36BCB8DB1FD7AB1E070A65FBF7EA
SHA-512:	D984944D3848CC75422B3DBE434F623BB9AB4448E685C9559CA09AAFC6DF2C3149A3D436A3F8E314AF0A37F7C0C072A6F8E3FBBAE1D5B0AB7C7207AC7FAE6C9F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......T.....z..a....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:D50E9121747A11E0B67DC9CD17DA95E3" xmpMM:InstanceID="xmp.iid:D50E9120747A11E0B67DC9CD17DA95E3" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C9092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Oi.....PLTE..........................................

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 20, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2026
Entropy (8bit):	7.196000603120737
Encrypted:	false
SSDEEP:	48:LlitvnL+80J30YkBZKIeO2Nvnjg17ntmMpEunkVP:WxukfKIZujEHpEuyP
MD5:	33BC574A0FCC30AF29968AD81243DD29
SHA1:	ABE4BAD8F756DDA15BBF814DD5D41F42C776C0FC
SHA-256:	86A157D81CDA6B06A5134EEA7F420DA9FAB5D9BEC9DF385B74592F4D90A5956D
SHA-512:	BA8250E965B756485626C9943D1C568AEDDA4DAC514631F52CF5B5FD76612BB16CFD454E9881BBCECC93A829F2DEAA1272701F3BFCEC32B60F6BB38DD9962725
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/inner_top_middle.png
Preview:	.PNG........IHDR.............bm4.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:CA362265749011E088CCA4D24F70064C" xmpMM:InstanceID="xmp.iid:CA362264749011E088CCA4D24F70064C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C6092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..TQ...mPLTE...)........+..+....)..*..+..,..+.....

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1334
Entropy (8bit):	6.720932182982338
Encrypted:	false
SSDEEP:	24:LSL1hpunQWwh82lYSKw2WxVET3ZyJ3VLp26YGZ/FEamLUWeTlGlfK8WGskQEE:LGitvnLke0J3lZY8/wZolEf9W7/d
MD5:	C496533383F5ABB5BB1C6474577640E8
SHA1:	6E2FDAB3AD949B917B915BCE51E5EC3B270B4349
SHA-256:	4EBAE31B0BF50871207DDC025DA14366CD93CF0531F331051DC12303D7278399
SHA-512:	EC43B5AA6BBBC121F84DCD9922CCF2994D33345A475ACD30816A737EA82B497460DDFD03E17AF81288AB576569F2FAEA3628AF10FB81400ABD0DD7AE1BA05B3B
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/body_bottom.png
Preview:	.PNG........IHDR..............\|.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:7FC7CA6C748311E08B49BF8215BA4195" xmpMM:InstanceID="xmp.iid:7FC7CA6B748311E08B49BF8215BA4195" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8B7E291B8374E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.<.....ZPLTE..........................................

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 91, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1367
Entropy (8bit):	6.620822224948774
Encrypted:	false
SSDEEP:	24:yVi1hpunQWwh82lYSKw2Wn7CpyVvsNT3ZyJ3V626YGYDCBfiLKKTkWvWM:0gitvnLab+0J30YBOi+YbH
MD5:	B8EA3C6C0BD65BB7185AF9A042877506
SHA1:	472C9A6D579B9A95C666A7FE985207965B522019
SHA-256:	EC7F26FFC96135B475F25EE9B61985150D8BF4D22D90B99DDBD8436077699F91
SHA-512:	0DB8EB637BCF8167357191892F6B8D6D9481B04F8B86159D16DBB4DF35EC371C9EB1B9BC9762F3247AFD89C61716D8D522E069FEF2E2438D5E39BD4D75EF40DE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......[........*....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:9D10BDDD748F11E0885E935D460E3FC6" xmpMM:InstanceID="xmp.iid:9D10BDDC748F11E0885E935D460E3FC6" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C6092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.}C.....PLTE>..1..............7..#..+..+..%..%..0.....

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 20, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1085
Entropy (8bit):	6.1209287533614285
Encrypted:	false
SSDEEP:	24:P9Is1hpunQWwh82lYSKw2WIEVWT3ZyJ3V626YGPD9oMO7:FtitvnLKQ0J30YGBpc
MD5:	B56D584AD265A41AA5AD6BE795E0D128
SHA1:	61D8BCEE46F49B01BAED9F0B54DBC4422B1ACBFD
SHA-256:	32B884353438E61F2A6C75E523F2C06E69AB5FC045B7492F6AFDF013BDD57FFB
SHA-512:	787A57D1B5B64C76E7DA0C7239E609AB907A33B766C2122A06AC91CE2CA46D4BB3522B81D11A8912025D166C1B19466258200E58629944CB3919F99420EB5069
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............{......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:CA362261749011E088CCA4D24F70064C" xmpMM:InstanceID="xmp.iid:CA362260749011E088CCA4D24F70064C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C6092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>2n.....9PLTE+..,..,..,..,....+..+..+..,..1..,.......

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 20, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2026
Entropy (8bit):	7.196000603120737
Encrypted:	false
SSDEEP:	48:LlitvnL+80J30YkBZKIeO2Nvnjg17ntmMpEunkVP:WxukfKIZujEHpEuyP
MD5:	33BC574A0FCC30AF29968AD81243DD29
SHA1:	ABE4BAD8F756DDA15BBF814DD5D41F42C776C0FC
SHA-256:	86A157D81CDA6B06A5134EEA7F420DA9FAB5D9BEC9DF385B74592F4D90A5956D
SHA-512:	BA8250E965B756485626C9943D1C568AEDDA4DAC514631F52CF5B5FD76612BB16CFD454E9881BBCECC93A829F2DEAA1272701F3BFCEC32B60F6BB38DD9962725
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............bm4.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:CA362265749011E088CCA4D24F70064C" xmpMM:InstanceID="xmp.iid:CA362264749011E088CCA4D24F70064C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C6092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..TQ...mPLTE...)........+..+....)..*..+..,..+.....

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1334
Entropy (8bit):	6.720932182982338
Encrypted:	false
SSDEEP:	24:LSL1hpunQWwh82lYSKw2WxVET3ZyJ3VLp26YGZ/FEamLUWeTlGlfK8WGskQEE:LGitvnLke0J3lZY8/wZolEf9W7/d
MD5:	C496533383F5ABB5BB1C6474577640E8
SHA1:	6E2FDAB3AD949B917B915BCE51E5EC3B270B4349
SHA-256:	4EBAE31B0BF50871207DDC025DA14366CD93CF0531F331051DC12303D7278399
SHA-512:	EC43B5AA6BBBC121F84DCD9922CCF2994D33345A475ACD30816A737EA82B497460DDFD03E17AF81288AB576569F2FAEA3628AF10FB81400ABD0DD7AE1BA05B3B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............\|.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:7FC7CA6C748311E08B49BF8215BA4195" xmpMM:InstanceID="xmp.iid:7FC7CA6B748311E08B49BF8215BA4195" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8B7E291B8374E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.<.....ZPLTE..........................................

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 39 x 32, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2397
Entropy (8bit):	7.5299862618929385
Encrypted:	false
SSDEEP:	48:EnitvnLuB0J3QYadvyfRjDpB8yUbdF05BAMHcDlz:xIuadKfRj9B4dF05ZHa
MD5:	7DA3422AFD686D119D10CC8DDDBA2403
SHA1:	D953ACA97A4836B8DFDC7333ECEF786A99B24A0E
SHA-256:	114A693035014C5BBE8E7D8FAAF5B097476AF471CCEA8EADB4868F5D547C07ED
SHA-512:	9E7CB82950576C0F0869BD5E8F6EFCB88D6E9BB7E38AFD1966F54987656FA35829D8DEFD9CE84DC9221EF7BFB25087E2A621A7F112DCB5683B8F67E833E47F7C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...'... ......x......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:303B51DA748411E0A1EEA6D00B80EA7C" xmpMM:InstanceID="xmp.iid:303B51D9748411E0A1EEA6D00B80EA7C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8C7E291B8374E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...E....PLTE.....$v.4~.A..\|....l....~..D........N..

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	12239
Entropy (8bit):	5.171906181189414
Encrypted:	false
SSDEEP:	192:0YO6HQqfwXIlyvjIcreq/X/GiGq6AgzCMM:0X6HQqHlyvjtSGGRA4M
MD5:	4D790466D7773C45EE32DE247ABCEF07
SHA1:	257A559A71EDCFF79DD907E54966A4FBDC92B73F
SHA-256:	E648EE42D5C2922D595D006368FE6D0F4A30BCAFB1C2A725DDA75A3EAF3E158E
SHA-512:	1AFF056991E7A70C145D657F344CE1D30390870A56A957B3AE8B6632CF68D46644CD8BCB5F95EFD1954A878C2DE9BE976DDA0AEC556EBD2EB66F4136E1C0BF0F
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/css/main.css
Preview:	/* .. */.body, form, p, ul, dl, input, textarea {..margin: 0;..padding: 0;.}.body {..background: #f7f7f7;..color: #333;..font: 12px/18px "sans serif",tahoma,verdana,helvetica;.}.div {..margin: auto;.}.h1, h2, h3, h4, h5, h6 {..margin: 10px 0;.}.a {..text-decoration: none;..color: #1870a9;.}.a:hover {..color: #BC2A4D;.}..clear {..clear: both;..height: 0;..overflow: hidden;.}..left {..float: left;.}..right {..float: right;.}.select, input, button, img {..vertical-align: middle;.}.img {..border: 0;..vertical-align: middle;.}..yahei {..font-family: "sans serif",tahoma,verdana,helvetica;.}..#header {..background: url(../png/header_common.png) repeat-x;.}.#header_top {..width: 970px;..height: 84px;..background: url(../png/header_middle.png);..position: relative;.}.#logo {..position: absolute;..top: 33px;..left: 26px;.}.#nav {..list-style: none;..position: absolute;..right: 15px;..top: 35px;.}.#nav li {..float: left;..padding: 5px 10px 10px;..font-size: 14px;.}.#nav li a {..color: #333;..

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 34, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	10742
Entropy (8bit):	7.951426034507597
Encrypted:	false
SSDEEP:	192:6SVnzQz2IKC51JJJ7EFlttIjYRhehh5w/eEL2u3T/on5eK+zUlRy:1RzIKC5smEz/J2YriWAzy
MD5:	629B47F8DE80572401C06A1A1DF3FC12
SHA1:	11ABC48282C9008F2932CD727DF7A134E083C4AD
SHA-256:	E656C71128B1D0DD3B1CA36809C6B407980DA48D2BDE3E5EDEE4DBB98756832F
SHA-512:	EDFCD56384D0C55DA75077C32E5B6B047E7905834D465B3DF6FC88512FC8B76BEBD053842FA9782E95A7F450207E0EA4D5C6E56457B560E655ADA18A60C5F22E
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/logo.png
Preview:	.PNG........IHDR......."........z....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..)lIDATx.}y............a@YT...QI....{..%(.B"\......vqCM.O6....C/...}.<.......2..3..,=[.Uu..LW[].=3xs..\|.3.U..l.....3....ECc...a/..../p)..?..#F. 8....y........k].f.mll...G?J.......q.5....G...Ku!...m...S.....b......b.K&...C?_.j..h.".\....a..w.}W9..s..2...}!D7...RE..G........!..8....R.E....G....J.n.=...B..pB.. ......2L....4..."$..PJ.!D.!d4.t.."........x............P.....(..v8.!....."...LH...@V;...!..C)-._.`..L;.B.,.8..!..1..I...c..X&.....pXQ.F..s..8...R.T..,..Ro2......!.x.7.!..!..E9.(J.$Iq.0J8.c.c..at.....e9.v.C..h.<.T.J...1.c,.9?...0./.t.$I#dY.H&.7.!z....B\|$I.I......=.A...Z.....D.9......@Q._^9...?+...@ .......?.t.....uuu.z.d.a.Q..O>..c&IR...~?..P($V.\.\.lYW.v&....iX.x.;.HPJ)q....ty<....cI..w....i=....,K..8(..Ji...xV.q.s...ig4M.....E..EqSJeB..(....T*U......9.....Y...R.9.4MK..dY....t:K...ok.2.R..q.v\....r.....t.0.......H.$)...z.E..G....5.....

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (539), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	7463
Entropy (8bit):	6.194907672553754
Encrypted:	false
SSDEEP:	192:cCrtzKs8EIbFrNF2b7SDTk7S8Idx/EmBYTegFlgt:cps8EIbFr32nuTku8nNeslS
MD5:	01913D87BDC487B71F3B5066BD7F94A1
SHA1:	96442DE416369B5320ACBC1AA8B7C981557AC112
SHA-256:	B9D76A4D208AD9286C5F2F4D25EC945A61C1FC8B283D072C6D3B629AC69E1B6C
SHA-512:	921F94E7BF7D29A606FF6432100A4C5C154A3B417BE78B2016EF459993234A9AB2AD4315CC9462238650E87B9261B3145CD5CC64C15720F4693304CBAD87E016
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/
Preview:	.<!DOCTYPE html>..<html>..<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Lodop.C-Lodop....</title>.. <meta name="keywords" content="Lodop,C-Lodop,....,WEB..,C-Lodop,CLodop,lodop..,...,....,..,AO..">.. <meta name="description" content="Lodop,C-Lodop,....,WEB...C-Lodop,CLodop,lodop..,...,....,..,AO..">.. <link href="./css/main.css" rel="stylesheet"> .. <link href="./css/prettify.css" rel="stylesheet">.. <link href="./css/default.css" rel="stylesheet">.... <script src="./push_tongji.js"></script>...... </head>.... <body>.. <div id="header">.. <div id="header_top">.. <a href="index.html" id="logo" title="...."><img src="./png/logo.png" width="200" height="34"></a>.. <ul id="nav">.. <li><a href="./index.html">....</a></li>.. <li><a href="./abo

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:	3:CUMllRPQEsJ9pse:Gl3QEsJLse
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Reputation:	low
URL:	https://hm.baidu.com/hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=132588249&si=0cb508d79cf9b362fbfe253f23da969d&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99
Preview:	GIF89a.............!.......,...........L..;

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 84, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1133
Entropy (8bit):	6.254281423873545
Encrypted:	false
SSDEEP:	24:P6ld1hpunQWwh82lYSKw2WpAVJ0o/T3ZyJ3V326YGgCbOn848:WDitvnLoAUo/0J3xYJIl48
MD5:	D8276CBBF5558F7AA195069F495C2E67
SHA1:	41D72F788301D191174EF4D4BE59C33F304D4DD0
SHA-256:	5499F776D4FF59363FDA59972C5A027E92F363E464D92C29B69157241E8C2A50
SHA-512:	D844EE93C4678D4F2E870CC06D52D995EFD668E4DE9D5FDB60EED1E9D9002886ED1F4CC33E3263A20483A56595E0377742B2545D884023D153879B10498C0C3A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......T.....t.......tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8E12C170F373E011A5DE9836D7083026" xmpMM:DocumentID="xmp.did:D4F8CFB3747A11E0B67DC9CD17DA95E3" xmpMM:InstanceID="xmp.iid:D4F8CFB2747A11E0B67DC9CD17DA95E3" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C9092CED6D74E011832CCFD82F5A10C6" stRef:documentID="xmp.did:8E12C170F373E011A5DE9836D7083026"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...\...KPLTE..........................................

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	5078
Entropy (8bit):	6.023786403626905
Encrypted:	false
SSDEEP:	96:19F7f9X/bHjKyDdUdx2cUIApHLUpM24KOnylw2FDZppyhwd3t9AG8TYcDm+A0:Fz9XzHjKyDdUdscUZpr8b4Kmylbpx9AR
MD5:	4B557B9AE6A92A08B8D3A23D4313288E
SHA1:	F9DD6240391E1E9ACF0FCD271397A9D2B4116916
SHA-256:	22BEE54974BB91ECBE8A5DE7E12C2618C4CF6824916E9CB94FFE492BC2C4B73C
SHA-512:	B8A7DAAEF8AFB335A71CD9961047F1B8941A1487588A266E83E470F6A12589C05E21739D00EC712AEB32662B1F3DABDFB2730151B81B9BE98119D4997AFE69F6
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> .<html xmlns="http://www.w3.org/1999/xhtml"> .<head> .<title>IIS 7.5 .... - 404.0 - Not Found</title> .<style type="text/css"> . .body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} .code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} ..config_source code{font-size:.8em;color:#000000;} .pre{margin:0;font-size:1.4em;word-wrap:break-word;} .ul,ol{margin:10px 0 10px 40px;} .ul.first,ol.first{margin-top:5px;} .fieldset{padding:0 15px 10px 15px;} ..summary-container fieldset{padding-bottom:5px;margin-top:4px;} .legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} .legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; . border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; . border-bottom:1px solid #969696;background:#E7ECF0;font-wei

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	5090
Entropy (8bit):	6.023377368269503
Encrypted:	false
SSDEEP:	96:19F7f9X/bHjKyDdUdx2cUIApHLUpM24KOnylw2FDZppyhwd1n4t9AG8TYcDm+A0:Fz9XzHjKyDdUdscUZpr8b4Kmylbpxn4q
MD5:	3DCD4727DF5F454DE11AEA9EECEFF744
SHA1:	E3DB147A48E8F9EBF75E704A9BCB8405EA201E40
SHA-256:	02011BC42B27434422368CD134C6EA284533128712B7FFBE5F2D15239F6EA9CD
SHA-512:	7BFB5F19F17B3879E1B524EBEAE54B66A31063A3ED2B94A36EEBCB627C4385964A79544C8A1D709CF3A9BE59BED26B9A132A30FC1F5CFFD9902F70D93941C2E2
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/png/inner_top.png
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> .<html xmlns="http://www.w3.org/1999/xhtml"> .<head> .<title>IIS 7.5 .... - 404.0 - Not Found</title> .<style type="text/css"> . .body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} .code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} ..config_source code{font-size:.8em;color:#000000;} .pre{margin:0;font-size:1.4em;word-wrap:break-word;} .ul,ol{margin:10px 0 10px 40px;} .ul.first,ol.first{margin-top:5px;} .fieldset{padding:0 15px 10px 15px;} ..summary-container fieldset{padding-bottom:5px;margin-top:4px;} .legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} .legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; . border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; . border-bottom:1px solid #969696;background:#E7ECF0;font-wei

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	809
Entropy (8bit):	5.206222416888813
Encrypted:	false
SSDEEP:	24:2+uHYPZ3bkRWZQkJG4uHYPNl7rRWZQkJG+QBmvu2V6E9P6RWZCm:2S5kwmIDrwm+Mw/
MD5:	48603D8BB4529D60AFF6FE59D7EC9D81
SHA1:	03EA85FA23C548AA55CEB2747E423F8B2AABAC93
SHA-256:	24DF449B56E25FE55EBFD19F03F5FBC4BD154D04A149690120B3B11CE3B34483
SHA-512:	D311EE7ACD4B3D36BC40A317F7C173C85465546854A85ECF2D551A88E81C692C17B28E3A53C1CFE038DF5DE4B476E1B0552386F015648D64B9804955FD23DE39
Malicious:	false
Reputation:	low
URL:	https://www.lodop.net/push_tongji.js
Preview:	..var _hmt = _hmt \|\| [];.....(function() {. ..var hm = document.createElement("script");. ..hm.src = "https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d";. ..var s = document.getElementsByTagName("script")[0]; . ..s.parentNode.insertBefore(hm, s);.})();.......(function() {. ..var hm = document.createElement("script");. ..hm.src = "https://hm.baidu.com/hm.js?f77310fb1e9bd277ac94694a069bd4e9";. ..var s = document.getElementsByTagName("script")[0]; . ..s.parentNode.insertBefore(hm, s);.})();.....(function(){.. var bp = document.createElement('script');.. var curProtocol = window.location.protocol.split(':')[0];.. bp.src = 'http://push.zhanzhang.baidu.com/push.js';.. var s = document.getElementsByTagName("script")[0];.. s.parentNode.insertBefore(bp, s);..})();.. ........

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 15:37:35.734363079 CET	49671	443	192.168.2.8	204.79.197.203
Oct 29, 2024 15:37:36.125047922 CET	49677	80	192.168.2.8	192.229.211.108
Oct 29, 2024 15:37:37.359421968 CET	49673	443	192.168.2.8	23.206.229.226
Oct 29, 2024 15:37:37.671830893 CET	49672	443	192.168.2.8	23.206.229.226
Oct 29, 2024 15:37:44.312454939 CET	49676	443	192.168.2.8	52.182.143.211
Oct 29, 2024 15:37:46.914336920 CET	49677	80	192.168.2.8	192.229.211.108
Oct 29, 2024 15:37:46.961110115 CET	49673	443	192.168.2.8	23.206.229.226
Oct 29, 2024 15:37:47.310034990 CET	49672	443	192.168.2.8	23.206.229.226
Oct 29, 2024 15:37:48.075999975 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:48.076046944 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:48.076131105 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:48.078084946 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:48.078110933 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:48.078207970 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:48.084961891 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:48.085000992 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:48.085856915 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:48.085891962 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:49.297054052 CET	443	49703	23.206.229.226	192.168.2.8
Oct 29, 2024 15:37:49.297137976 CET	49703	443	192.168.2.8	23.206.229.226
Oct 29, 2024 15:37:49.300549984 CET	443	49703	23.206.229.226	192.168.2.8
Oct 29, 2024 15:37:49.300601006 CET	49703	443	192.168.2.8	23.206.229.226
Oct 29, 2024 15:37:49.646693945 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:49.646725893 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:49.646939993 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:49.648370981 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:49.648389101 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:49.664124966 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:49.667260885 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:49.667294979 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:49.668184042 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:49.668266058 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:49.670938969 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:49.670986891 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:49.671457052 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:49.671468973 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:49.713634968 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.218292952 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.218318939 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.218322039 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.218408108 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.218436956 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.264033079 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.306957006 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.307029963 CET	443	49709	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.307120085 CET	49709	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.308047056 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.308083057 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.308435917 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.308466911 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.308505058 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.308779955 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.308789968 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.308800936 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.308851004 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.309119940 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.309133053 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.309242964 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.309350967 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.309365988 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.309529066 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.309545040 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.309648037 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.309660912 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.310074091 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:50.310084105 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:50.527559996 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:50.527899981 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:50.527915955 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:50.529448032 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:50.529587030 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:50.531249046 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:50.531347990 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:50.572032928 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:50.572045088 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:37:50.576890945 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:50.576906919 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:50.576996088 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:50.580809116 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:50.580821037 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:50.616617918 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:37:51.437062025 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.437139034 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.448987961 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.448998928 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.449222088 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.491688013 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.569413900 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.615320921 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.813941956 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.814008951 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.814071894 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.814519882 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.814531088 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.814548969 CET	49718	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.814554930 CET	443	49718	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.874488115 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.874538898 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.874608040 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.874980927 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:51.874994993 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:51.879970074 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:51.880527973 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:51.880539894 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:51.881722927 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:51.881886959 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:51.886838913 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:51.886935949 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:51.887679100 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:51.887686014 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:51.929522038 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.434273005 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.434303045 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.434319019 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.434341908 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.434385061 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.434395075 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.434547901 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.563293934 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.609493017 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.642693043 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.642762899 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.642810106 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.646161079 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.646174908 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.647696018 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.647849083 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.648247004 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.648334026 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.653382063 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.653392076 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.663868904 CET	49717	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.663877010 CET	443	49717	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:52.695936918 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:52.710114002 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.710184097 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:52.731436014 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:52.731458902 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.731662989 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.734229088 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:52.779341936 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.975606918 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.975760937 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.975883961 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:52.976769924 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:52.976792097 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.976803064 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 15:37:52.976809025 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 15:37:52.993627071 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.038995028 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.039006948 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.039866924 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.039935112 CET	443	49714	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.040082932 CET	49714	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.195384979 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.195677996 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.195688009 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.196062088 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.196448088 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.196522951 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.196593046 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.239332914 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.244534016 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.746021986 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.746047020 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.746057034 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.746066093 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.746094942 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.746133089 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.746146917 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.746186972 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.746186972 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.958610058 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.958708048 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.959434986 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.959491968 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.959690094 CET	443	49715	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.959726095 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.959762096 CET	49715	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.964782953 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.964824915 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:53.964907885 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.965274096 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:53.965286016 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.420289040 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.420569897 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.420583010 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.421689034 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.421756983 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.422158957 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.422327995 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.422569990 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.463566065 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.463573933 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.510041952 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.548093081 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.549302101 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.549333096 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.550216913 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.550285101 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.550611973 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.550668955 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.550751925 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.550760031 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.601289988 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.772192955 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.819422960 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.819456100 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.823851109 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.823937893 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.824183941 CET	443	49710	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.824244976 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.824270964 CET	49710	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.826646090 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.826667070 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.826847076 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.827112913 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.827126026 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.829705954 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.829749107 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.829818010 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.830605030 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.830621004 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.835611105 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.835623026 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.836036921 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.838619947 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.838633060 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.839550972 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.839579105 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.839721918 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.839828014 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:55.839857101 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:55.839919090 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:55.840048075 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:55.840055943 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:55.840106010 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:55.840540886 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:55.840553045 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:55.840693951 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:55.840709925 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:55.841006994 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:55.841017008 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:56.103657961 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.103683949 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.103692055 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.103724003 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.103754044 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.103764057 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.103807926 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.110119104 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.110157967 CET	443	49720	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.110207081 CET	49720	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.110615015 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.110640049 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.110708952 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.111324072 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.111335039 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.755167007 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.755196095 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.755337000 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.755364895 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.755374908 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.755464077 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.756072998 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.756086111 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:56.756231070 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:56.756242990 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.228833914 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.234173059 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.274456978 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.274889946 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.405875921 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.405894041 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.406073093 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.406080961 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.406553984 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.406646013 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.406649113 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.406707048 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.407397032 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.407457113 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.407612085 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.407869101 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.413788080 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.413887978 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.414421082 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.414526939 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.415395021 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.415409088 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.415745974 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.415774107 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:57.436021090 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.436263084 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.436280012 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.437357903 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.437438965 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.438590050 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.438657999 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.438972950 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.438982964 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.462307930 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.462419033 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:57.491918087 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.776277065 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.776307106 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.776354074 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.776382923 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.782350063 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.782408953 CET	443	49721	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.782469034 CET	49721	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.783129930 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.783215046 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.783291101 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.784503937 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.784537077 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.823348999 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.823379040 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:57.823441982 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.823667049 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:57.823674917 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.056092978 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056209087 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056219101 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056277990 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056282997 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.056288004 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056340933 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056375980 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.056427002 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.056447983 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056531906 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056540012 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056580067 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.056583881 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056593895 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056638002 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.056649923 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.056684971 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.058280945 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.058291912 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.058343887 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.058403015 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.062066078 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.063498974 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.063502073 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.063571930 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.063648939 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.063685894 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.063740969 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.063864946 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.063920975 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.064878941 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.064888000 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.064944983 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.064954042 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.078248024 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.078254938 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.080292940 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.080363989 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.088973999 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.089051962 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.089071035 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.089117050 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.089127064 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.089184046 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.089190960 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.089224100 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.089679003 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.106797934 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.106925011 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.110968113 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.110975981 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.164589882 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.195646048 CET	49726	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.195657015 CET	443	49726	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.196965933 CET	49725	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:37:58.197010040 CET	443	49725	14.215.183.79	192.168.2.8
Oct 29, 2024 15:37:58.424848080 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.425122023 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.425143003 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.426285982 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.426347971 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.426790953 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.426866055 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.427084923 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.427093029 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.447511911 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.475151062 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.491235018 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.491244078 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.492254972 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.492299080 CET	443	49724	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.492357016 CET	49724	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.493226051 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.493247986 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.493329048 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.493788004 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.493798971 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.692434072 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.693661928 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:37:58.693691969 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:37:58.693870068 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:37:58.693948030 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.693978071 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.694166899 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:37:58.694191933 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:37:58.695059061 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.695112944 CET	49736	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:37:58.695149899 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.695194960 CET	443	49736	111.45.3.198	192.168.2.8
Oct 29, 2024 15:37:58.695360899 CET	49736	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:37:58.696075916 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.696130037 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.696363926 CET	49736	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:37:58.696398973 CET	443	49736	111.45.3.198	192.168.2.8
Oct 29, 2024 15:37:58.696646929 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.696655035 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.700872898 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.700901985 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.701013088 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.701241016 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.701256037 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.740750074 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.741015911 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.741040945 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.742048025 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.742058039 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.742125988 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.743463039 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.743529081 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.743904114 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.743920088 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.766824007 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.770158052 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.770173073 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.771290064 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.771356106 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.772171974 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.772234917 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.777143002 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.778904915 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.778912067 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.789818048 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.819751978 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.819812059 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.819837093 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.847990990 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:58.848087072 CET	443	49729	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:58.848144054 CET	49729	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.125253916 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.166027069 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.166043043 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.210380077 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.221369982 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.221601963 CET	443	49716	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.221659899 CET	49716	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.226644039 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.226677895 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.227025032 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.229870081 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.229896069 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.229950905 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.229968071 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.251008034 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.251033068 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.282979965 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.290314913 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.290395975 CET	443	49723	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.290570021 CET	49723	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.291116953 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.291151047 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.291204929 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.292877913 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.292887926 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.324363947 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.372370005 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.396821976 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.396836042 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.398421049 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.447319031 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.719887972 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.719924927 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.720010996 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.720077991 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.764236927 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.786926985 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.787152052 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.797837973 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:37:59.843353033 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.932650089 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.932719946 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:37:59.932849884 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.016927004 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.070687056 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.133414984 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.133452892 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.133492947 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.133523941 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.135193110 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.135202885 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.136352062 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.136363029 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.136439085 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.180609941 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.199968100 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.200090885 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.200771093 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.200782061 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.226996899 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.227058887 CET	443	49722	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.227107048 CET	49722	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.241555929 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.243253946 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.243269920 CET	443	49727	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.243294954 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.243333101 CET	49727	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.544743061 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:38:00.544878960 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:38:00.545017004 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:38:00.721806049 CET	49713	443	192.168.2.8	142.250.186.164
Oct 29, 2024 15:38:00.721834898 CET	443	49713	142.250.186.164	192.168.2.8
Oct 29, 2024 15:38:00.883168936 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.883208990 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.883379936 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.885113001 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.885133028 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.890314102 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.890351057 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:00.890417099 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.891664982 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:00.891685963 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.282474995 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.283090115 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.283109903 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.284656048 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.284718037 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.285243034 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.285324097 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.285732031 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.285742044 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.301561117 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.333972931 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.333988905 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.335262060 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.335345030 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.336792946 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.336884022 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.337285042 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.337304115 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339068890 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339104891 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339117050 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339133978 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339144945 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339162111 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.339190006 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.339222908 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.349340916 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.349448919 CET	443	49728	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.349513054 CET	49728	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.368704081 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.491173983 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.499717951 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.499733925 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.501221895 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.501316071 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.547342062 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.547394037 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.551350117 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.551470041 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.562376976 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.562396049 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.637846947 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.637872934 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.637928963 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.637953997 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.642869949 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.642947912 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.643162012 CET	443	49737	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.643223047 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.643243074 CET	49737	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.663248062 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.684250116 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.798614025 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.798630953 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.802534103 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:01.802656889 CET	443	49731	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:01.802723885 CET	49731	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:02.957545042 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:02.957906961 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:02.957938910 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:02.959198952 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:02.959268093 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:02.959758043 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:02.959832907 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:02.959939957 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:02.959960938 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.038430929 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.174767017 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.175105095 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.175122023 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.175431013 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.175771952 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.175827980 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.175930023 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.219332933 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.239936113 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.240215063 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.240232944 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.241292953 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.241380930 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.241794109 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.241852045 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.242264986 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.242270947 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.298598051 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.325598955 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.345257998 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.345287085 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.345773935 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.345783949 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.346278906 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.346318007 CET	443	49738	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.346426010 CET	49738	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.346749067 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.346791983 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.346812010 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.351562977 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.351665020 CET	443	49730	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.351763010 CET	49730	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.353749990 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.353770971 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.353971958 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.354672909 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:03.354706049 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:03.354842901 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:03.355139971 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.355150938 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.355748892 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.355773926 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.355839014 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.356050968 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:03.356067896 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:03.356462955 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.356472015 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.356533051 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.356787920 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.356816053 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:03.356986046 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:03.356997967 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.562593937 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.565788031 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.565953970 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.565974951 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.565982103 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.566050053 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.566077948 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.566087961 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.566129923 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.566133976 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.566143036 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.566184998 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.568012953 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.597496986 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:04.597507954 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.598099947 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.599576950 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:04.599674940 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.599881887 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:04.606666088 CET	49745	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.606678009 CET	443	49745	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.612797976 CET	49734	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.612817049 CET	443	49734	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.615190029 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:04.615207911 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.615308046 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:04.615592003 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:04.615605116 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.643345118 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:04.684459925 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.684479952 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.684667110 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.684801102 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:04.684812069 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:04.868506908 CET	60252	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:04.875058889 CET	53	60252	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:04.875132084 CET	60252	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:04.875197887 CET	60252	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:04.880743027 CET	53	60252	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:05.377651930 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.377665043 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.377957106 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.377965927 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.378073931 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.378087997 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.378274918 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:05.378401041 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:05.378475904 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:05.378490925 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.378612041 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.378838062 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.378928900 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.379038095 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.379055977 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.379462957 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.379582882 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.379642963 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.379642963 CET	49748	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:05.379652977 CET	443	49748	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:05.381095886 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.381170034 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.382632017 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.382724047 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.383548975 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.383555889 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.383971930 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.384149075 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.384412050 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.384422064 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.386708021 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:05.386729956 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:05.386801958 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:05.386990070 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:05.387000084 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:05.427037001 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.427037954 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.427325010 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.488948107 CET	53	60252	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:05.489579916 CET	60252	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:05.498238087 CET	53	60252	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:05.498297930 CET	60252	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:05.718380928 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.719063997 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.719073057 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.719412088 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.719926119 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.719984055 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.720256090 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.721591949 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.721646070 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.721740007 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.721759081 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.723216057 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.723293066 CET	443	49744	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.723362923 CET	49744	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.763329029 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.828269958 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.836791992 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.836807013 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.837268114 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.873977900 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.874124050 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:05.876904964 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:05.923337936 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.056849003 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.100925922 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:06.100933075 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.111932993 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:06.111989021 CET	443	49749	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.112071037 CET	49749	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:06.501112938 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.501632929 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:06.501641035 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.501988888 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.502562046 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:06.502629995 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.503070116 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:06.543355942 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.921531916 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.921720982 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.921833038 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:06.922698021 CET	49751	443	192.168.2.8	14.215.183.79
Oct 29, 2024 15:38:06.922708988 CET	443	49751	14.215.183.79	192.168.2.8
Oct 29, 2024 15:38:06.948837042 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.997793913 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:06.997806072 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.998415947 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:06.998467922 CET	443	49747	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:06.998526096 CET	49747	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.065630913 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.083486080 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.083504915 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.084515095 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.084646940 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.085481882 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.085540056 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.085663080 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.131330967 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.133498907 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.133506060 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.180412054 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.398571014 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:07.398608923 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:07.399089098 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:07.399795055 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:07.399806976 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:07.402312040 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.402345896 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.402396917 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.402939081 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.402954102 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.465754986 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.507231951 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.507246971 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.507878065 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.507957935 CET	443	49739	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.508013964 CET	49739	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.519239902 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.519284964 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.519355059 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.519617081 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.519630909 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.528523922 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.528562069 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.528706074 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.529196024 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.529206991 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.639426947 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.639445066 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.639451027 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.639502048 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.639519930 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.639564991 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.642112017 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:07.642152071 CET	443	49752	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:07.642246962 CET	49752	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.167615891 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.167633057 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.167695999 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.167709112 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.170517921 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.170564890 CET	443	49750	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.170715094 CET	49750	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.971668005 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.971968889 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.971987963 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.975593090 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.975670099 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.976103067 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:08.976270914 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:08.976290941 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.019370079 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.023463011 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.023473024 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.070354939 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.095634937 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.097791910 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.097805977 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.098933935 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.099050999 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.107863903 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.107974052 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.108195066 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.108208895 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.148456097 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.305600882 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.351703882 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.351715088 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.352972031 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.353046894 CET	443	60255	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.353102922 CET	60255	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.447489977 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.447519064 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.447629929 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.447638988 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.465451956 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.465562105 CET	443	60256	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.465620995 CET	60256	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.770534039 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.820420980 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.837652922 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.837661028 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.838395119 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.844556093 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.844769955 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:09.848131895 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:09.895330906 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:10.861247063 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:10.861349106 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:10.861357927 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:10.914086103 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:10.914098978 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:10.949398994 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:10.949420929 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:10.949599028 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:10.949604988 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:10.986645937 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:11.039123058 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:11.039135933 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:11.050559998 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:11.050642014 CET	443	60257	123.57.208.27	192.168.2.8
Oct 29, 2024 15:38:11.050698996 CET	60257	443	192.168.2.8	123.57.208.27
Oct 29, 2024 15:38:13.846637011 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:13.847054958 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:13.847064018 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:13.847430944 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:13.847829103 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:13.848155975 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:13.848197937 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:13.848388910 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:13.848454952 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:13.848787069 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:13.848803043 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:13.891594887 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:14.632464886 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:14.632539988 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:14.632596016 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:14.634651899 CET	60253	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:14.634665012 CET	443	60253	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:14.808706999 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:14.851881981 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:14.907325983 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:14.909225941 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:14.909235954 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:15.780554056 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:15.783333063 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:15.783354998 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:17.954094887 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:17.954771042 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:17.954801083 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:17.955368996 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:17.955440044 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:17.956060886 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:17.956198931 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:17.956415892 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:17.956486940 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:18.008162975 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:18.008198023 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:18.055003881 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:20.548974037 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:20.602215052 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:28.720951080 CET	49736	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:28.767338037 CET	443	49736	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:30.543158054 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:30.586409092 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:31.570352077 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:31.570485115 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:32.112915993 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:32.112942934 CET	443	49735	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:32.113051891 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:32.113051891 CET	49735	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:42.432029963 CET	443	49736	111.45.3.198	192.168.2.8
Oct 29, 2024 15:38:42.432100058 CET	49736	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:38:49.690191031 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:38:49.690217972 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:38:49.690375090 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:38:49.690709114 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:38:49.690722942 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:38:50.549901009 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:38:50.550586939 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:38:50.550606012 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:38:50.550935030 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:38:50.551784992 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:38:50.551842928 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:38:50.618413925 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:38:59.733566046 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:38:59.733613968 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:38:59.733683109 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:38:59.734311104 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:38:59.734328985 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.497014999 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.497092962 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.498758078 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.498769045 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.499015093 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.506792068 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.546848059 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:39:00.546919107 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:39:00.547068119 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:39:00.547327042 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.759500980 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.759521961 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.759541988 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.759682894 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.759706020 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.759756088 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.877069950 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.877091885 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.877145052 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.877151966 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.877198935 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.995800018 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.995826006 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.995914936 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:00.995937109 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:00.996103048 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.130213022 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.130242109 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.130314112 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.130343914 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.130362034 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.130388021 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.230956078 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.230982065 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.231065035 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.231086016 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.231127977 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.348457098 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.348480940 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.348551989 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.348567963 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.348581076 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.348611116 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.465919018 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.465945005 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.466031075 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.466047049 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.466093063 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.582581043 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.582604885 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.582662106 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.582689047 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.582703114 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.582730055 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.601156950 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.601175070 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.601237059 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.601248026 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.601294041 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.717634916 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.717655897 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.717734098 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.717763901 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.717818022 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.824044943 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.824069023 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.824136972 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.824155092 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.824237108 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.938056946 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.938076973 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.938143969 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.938157082 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.938185930 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.938208103 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.955348015 CET	60260	443	192.168.2.8	142.250.185.228
Oct 29, 2024 15:39:01.955367088 CET	443	60260	142.250.185.228	192.168.2.8
Oct 29, 2024 15:39:01.999223948 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.999245882 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.999320984 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.999336004 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:01.999375105 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:01.999392033 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.053093910 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.053170919 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.053173065 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.053220034 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.053497076 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.053520918 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.053533077 CET	60261	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.053539038 CET	443	60261	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.104856014 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.104891062 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.105163097 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.105554104 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.105570078 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.107052088 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.107093096 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.107199907 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.107275963 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.107284069 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.108242989 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.108282089 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.108496904 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.109519005 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.109540939 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.109741926 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.109751940 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.109767914 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.111011028 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.111025095 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.111232996 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.111428022 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.111442089 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.111464024 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.111476898 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.868690968 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.869317055 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.869359970 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.869823933 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.869831085 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.898000956 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.898514032 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.898546934 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.898582935 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.899106026 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.899111032 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.899230003 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.899238110 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.899636984 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.899641037 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.915782928 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.916172028 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.916203022 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:02.916661024 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:02.916666985 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006052971 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006081104 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006155014 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.006191969 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006238937 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.006442070 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.006448030 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006465912 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.006597042 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006625891 CET	443	60263	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.006902933 CET	60263	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.008594036 CET	60254	443	192.168.2.8	111.45.3.198
Oct 29, 2024 15:39:03.008620024 CET	443	60254	111.45.3.198	192.168.2.8
Oct 29, 2024 15:39:03.009466887 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.009505033 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.009615898 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.009717941 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.009742975 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.020132065 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.020518064 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.020529032 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.020979881 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.020984888 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037390947 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037481070 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037491083 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037534952 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.037564993 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037615061 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.037663937 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.037663937 CET	60267	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.037683964 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037693024 CET	443	60267	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037703037 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.037703037 CET	60264	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.037714958 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.037724018 CET	443	60264	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.040194988 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.040230036 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.040313959 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.040340900 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.040344000 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.040481091 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.040489912 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.040496111 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.040646076 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.040662050 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.059573889 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.059596062 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.059637070 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.059647083 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.059676886 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.059945107 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.059964895 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.059976101 CET	60265	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.059981108 CET	443	60265	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.062450886 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.062473059 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.062536001 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.062686920 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.062700987 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416276932 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416304111 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416363955 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.416383028 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416619062 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.416631937 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416646004 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.416785002 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416819096 CET	443	60266	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.416990042 CET	60266	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.420294046 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.420321941 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.420603037 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.420743942 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.420757055 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.769062042 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.770495892 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.770520926 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.771362066 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.771368980 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.800436020 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.801225901 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.801225901 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.801251888 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.801266909 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.802598953 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.802957058 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.802972078 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.803308010 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.803318024 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.819978952 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.820652962 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.820652962 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.820689917 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.820703983 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.909466028 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.909528017 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.909790993 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.909790993 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.910012007 CET	60269	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.910027981 CET	443	60269	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.912969112 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.913003922 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.913201094 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.913294077 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.913309097 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.940602064 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.941088915 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.941176891 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.941176891 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.941263914 CET	60270	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.941287041 CET	443	60270	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.942156076 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.942262888 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.942435980 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.942456961 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.942456961 CET	60271	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.942470074 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.942478895 CET	443	60271	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.943764925 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.943797112 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.943942070 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.944447994 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.944449902 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.944463015 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.944473028 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.944894075 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.944895029 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.944921017 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.957547903 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.957711935 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.957843065 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.957843065 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.957880974 CET	60272	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.957889080 CET	443	60272	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.960184097 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.960216999 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:03.960445881 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.960536957 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:03.960553885 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.187689066 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.188206911 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.188227892 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.189738035 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.189743996 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.329246044 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.329464912 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.329617023 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.329617023 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.329695940 CET	60273	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.329711914 CET	443	60273	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.332422972 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.332461119 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.332633972 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.332731009 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.332741022 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.674386024 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.674926043 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.674947023 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.675438881 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.675445080 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.694749117 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.695172071 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.695197105 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.695611000 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.695625067 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.698806047 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.699163914 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.699187994 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.699552059 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.699561119 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.719645977 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.719974995 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.719990015 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.720371008 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.720376968 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.812459946 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.812551022 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.812601089 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.812959909 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.812973022 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.812984943 CET	60274	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.812990904 CET	443	60274	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.815819025 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.815864086 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.815934896 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.816174030 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.816189051 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.833193064 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.833255053 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.833307028 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.833538055 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.833538055 CET	60276	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.833558083 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.833570004 CET	443	60276	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.835994959 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.836021900 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.836098909 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.836219072 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.836231947 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.837694883 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.837750912 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.837893963 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.838083982 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.838102102 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.838119984 CET	60275	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.838128090 CET	443	60275	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.840186119 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.840215921 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.840272903 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.840482950 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.840501070 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.944679976 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.949481964 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.949537992 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.949593067 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.949613094 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.949623108 CET	60277	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.949629068 CET	443	60277	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.952750921 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.952781916 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:04.952883005 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.953066111 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:04.953075886 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.084815979 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.085359097 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.085367918 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.087857008 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.087861061 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.222140074 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.222202063 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.222270966 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.222702980 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.222718954 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.222755909 CET	60279	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.222769022 CET	443	60279	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.226229906 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.226283073 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.226347923 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.226553917 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.226569891 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.564795971 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.565356016 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.565371990 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.565836906 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.565840960 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.592631102 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.593281984 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.593317986 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.593827963 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.593836069 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.633466005 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.634155989 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.634170055 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.634854078 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.634860039 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.701220036 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.701306105 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.701522112 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.701586962 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.701586962 CET	60280	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.701603889 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.701613903 CET	443	60280	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.704278946 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.704329967 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.704498053 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.704629898 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.704648972 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.720268011 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.721020937 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.721033096 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.721416950 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.721421003 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.732131004 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.732186079 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.732259989 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.732412100 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.732412100 CET	60281	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.732426882 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.732435942 CET	443	60281	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.734709978 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.734750032 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.734955072 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.735076904 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.735090017 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.780670881 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.780736923 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.780808926 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.781094074 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.781106949 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.781147957 CET	60282	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.781152964 CET	443	60282	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.783374071 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.783413887 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.783562899 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.783695936 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.783710003 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.860996962 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.861397982 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.861593962 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.861628056 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.861628056 CET	60283	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.861640930 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.861649990 CET	443	60283	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.863955021 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.863986969 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.864176035 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.864176035 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.864201069 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.983078957 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.984064102 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.984064102 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:05.984098911 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:05.984113932 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.142811060 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.142880917 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.143110991 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.143110991 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.143146992 CET	60284	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.143162966 CET	443	60284	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.146095037 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.146130085 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.146327019 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.146388054 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.146394014 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.450118065 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.450737000 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.450778008 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.451107979 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.451114893 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.496850014 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.497711897 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.497755051 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.497844934 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.497862101 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.548878908 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.549410105 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.549446106 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.549851894 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.549859047 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.586504936 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.586699009 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.586785078 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.586922884 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.586922884 CET	60285	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.586947918 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.586961031 CET	443	60285	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.589936018 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.589981079 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.590061903 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.590338945 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.590357065 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.633348942 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.633455038 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.633694887 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.633764029 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.633764029 CET	60286	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.633804083 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.633832932 CET	443	60286	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.636411905 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.636476040 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.636598110 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.636962891 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.636981964 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.660581112 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.661127090 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.661164999 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.661744118 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.661757946 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.688967943 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.689043045 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.689284086 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.689356089 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.689356089 CET	60287	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.689384937 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.689402103 CET	443	60287	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.692014933 CET	60292	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.692058086 CET	443	60292	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.692323923 CET	60292	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.692445040 CET	60292	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.692461967 CET	443	60292	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.808264971 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.809232950 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.809518099 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.809518099 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.809737921 CET	60288	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.809757948 CET	443	60288	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.812412977 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.812472105 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.812609911 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.812669039 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.812678099 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.903877020 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.904438019 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.904464960 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:06.904941082 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:06.904944897 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.256634951 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.256707907 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.257236004 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.257236004 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.257323980 CET	60289	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.257350922 CET	443	60289	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.259881973 CET	60294	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.259922981 CET	443	60294	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.262543917 CET	60294	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.262702942 CET	60294	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.262717962 CET	443	60294	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.396341085 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.397269011 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.397269011 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.397286892 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.397305965 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.404441118 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.405173063 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.405173063 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.405189037 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.405208111 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.534514904 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.534784079 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.534832001 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.534887075 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.534887075 CET	60290	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.534913063 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.534924030 CET	443	60290	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.537287951 CET	60295	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.537332058 CET	443	60295	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.537471056 CET	60295	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.537604094 CET	60295	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.537616968 CET	443	60295	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.544744968 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.544809103 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.544997931 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.544997931 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.545229912 CET	60291	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.545243025 CET	443	60291	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.547297001 CET	60296	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.547341108 CET	443	60296	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.547545910 CET	60296	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.547545910 CET	60296	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.547586918 CET	443	60296	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.565622091 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.566169024 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.566257000 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.566459894 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.566477060 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.704724073 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.705414057 CET	443	60293	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.705511093 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.705511093 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.705511093 CET	60293	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.708384991 CET	60297	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.708429098 CET	443	60297	13.107.253.45	192.168.2.8
Oct 29, 2024 15:39:07.708601952 CET	60297	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.708650112 CET	60297	443	192.168.2.8	13.107.253.45
Oct 29, 2024 15:39:07.708657026 CET	443	60297	13.107.253.45	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 15:37:46.127347946 CET	53	64387	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:46.127382994 CET	53	60697	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:46.127439022 CET	53	61306	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:46.137531042 CET	53	65187	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:47.019601107 CET	57484	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:47.019751072 CET	57734	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:47.236109018 CET	53	57734	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:47.461208105 CET	53	58888	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:47.657527924 CET	53	57484	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:49.635857105 CET	51940	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:49.636395931 CET	59179	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:49.644184113 CET	53	51940	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:49.644354105 CET	53	59179	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:55.830235958 CET	63546	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:55.830382109 CET	61489	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:55.838184118 CET	53	63546	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:55.839184999 CET	53	61489	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:55.846087933 CET	50705	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:55.847702026 CET	61679	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:56.091037989 CET	53	61679	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:56.753034115 CET	53	50705	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:58.657021999 CET	57174	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:58.657510042 CET	51882	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:37:58.665268898 CET	53	57174	1.1.1.1	192.168.2.8
Oct 29, 2024 15:37:58.665514946 CET	53	51882	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:04.823755026 CET	53	49752	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:04.868037939 CET	53	52668	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:23.954452038 CET	53	55626	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:24.890225887 CET	138	138	192.168.2.8	192.168.2.255
Oct 29, 2024 15:38:44.579129934 CET	53	54933	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:46.650381088 CET	53	63862	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:49.681034088 CET	53682	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:49.681258917 CET	59543	53	192.168.2.8	1.1.1.1
Oct 29, 2024 15:38:49.689142942 CET	53	53682	1.1.1.1	192.168.2.8
Oct 29, 2024 15:38:49.689161062 CET	53	59543	1.1.1.1	192.168.2.8

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 29, 2024 15:37:46.135032892 CET	192.168.2.8	1.1.1.1	c215	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 29, 2024 15:37:47.019601107 CET	192.168.2.8	1.1.1.1	0xf745	Standard query (0)	www.lodop.net	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:47.019751072 CET	192.168.2.8	1.1.1.1	0xa352	Standard query (0)	www.lodop.net	65	IN (0x0001)	false
Oct 29, 2024 15:37:49.635857105 CET	192.168.2.8	1.1.1.1	0x7c04	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:49.636395931 CET	192.168.2.8	1.1.1.1	0x4de0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 29, 2024 15:37:55.830235958 CET	192.168.2.8	1.1.1.1	0xd80c	Standard query (0)	hm.baidu.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.830382109 CET	192.168.2.8	1.1.1.1	0xb046	Standard query (0)	hm.baidu.com	65	IN (0x0001)	false
Oct 29, 2024 15:37:55.846087933 CET	192.168.2.8	1.1.1.1	0xc973	Standard query (0)	www.lodop.net	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.847702026 CET	192.168.2.8	1.1.1.1	0x9a2d	Standard query (0)	www.lodop.net	65	IN (0x0001)	false
Oct 29, 2024 15:37:58.657021999 CET	192.168.2.8	1.1.1.1	0xb0cd	Standard query (0)	hm.baidu.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.657510042 CET	192.168.2.8	1.1.1.1	0x46ee	Standard query (0)	hm.baidu.com	65	IN (0x0001)	false
Oct 29, 2024 15:38:49.681034088 CET	192.168.2.8	1.1.1.1	0x5647	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:38:49.681258917 CET	192.168.2.8	1.1.1.1	0x2dad	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 29, 2024 15:37:47.657527924 CET	1.1.1.1	192.168.2.8	0xf745	No error (0)	www.lodop.net		123.57.208.27	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:49.644184113 CET	1.1.1.1	192.168.2.8	0x7c04	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:49.644354105 CET	1.1.1.1	192.168.2.8	0x4de0	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 29, 2024 15:37:55.838184118 CET	1.1.1.1	192.168.2.8	0xd80c	No error (0)	hm.baidu.com	hm.e.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:37:55.838184118 CET	1.1.1.1	192.168.2.8	0xd80c	No error (0)	hm.e.shifen.com		14.215.183.79	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.838184118 CET	1.1.1.1	192.168.2.8	0xd80c	No error (0)	hm.e.shifen.com		14.215.182.140	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.838184118 CET	1.1.1.1	192.168.2.8	0xd80c	No error (0)	hm.e.shifen.com		183.240.98.228	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.838184118 CET	1.1.1.1	192.168.2.8	0xd80c	No error (0)	hm.e.shifen.com		111.45.3.198	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.838184118 CET	1.1.1.1	192.168.2.8	0xd80c	No error (0)	hm.e.shifen.com		111.45.11.83	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:55.839184999 CET	1.1.1.1	192.168.2.8	0xb046	No error (0)	hm.baidu.com	hm.e.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:37:56.753034115 CET	1.1.1.1	192.168.2.8	0xc973	No error (0)	www.lodop.net		123.57.208.27	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.383168936 CET	1.1.1.1	192.168.2.8	0x6fc1	No error (0)	windowsupdatebg.s.llnwi.net		87.248.202.1	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.383168936 CET	1.1.1.1	192.168.2.8	0x6fc1	No error (0)	windowsupdatebg.s.llnwi.net		178.79.208.1	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665268898 CET	1.1.1.1	192.168.2.8	0xb0cd	No error (0)	hm.baidu.com	hm.e.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665268898 CET	1.1.1.1	192.168.2.8	0xb0cd	No error (0)	hm.e.shifen.com		111.45.3.198	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665268898 CET	1.1.1.1	192.168.2.8	0xb0cd	No error (0)	hm.e.shifen.com		183.240.98.228	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665268898 CET	1.1.1.1	192.168.2.8	0xb0cd	No error (0)	hm.e.shifen.com		111.45.11.83	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665268898 CET	1.1.1.1	192.168.2.8	0xb0cd	No error (0)	hm.e.shifen.com		14.215.182.140	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665268898 CET	1.1.1.1	192.168.2.8	0xb0cd	No error (0)	hm.e.shifen.com		14.215.183.79	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:37:58.665514946 CET	1.1.1.1	192.168.2.8	0x46ee	No error (0)	hm.baidu.com	hm.e.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:38:00.440634012 CET	1.1.1.1	192.168.2.8	0x5132	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:38:00.440634012 CET	1.1.1.1	192.168.2.8	0x5132	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:38:49.689142942 CET	1.1.1.1	192.168.2.8	0x5647	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:38:49.689161062 CET	1.1.1.1	192.168.2.8	0x2dad	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 29, 2024 15:38:59.732392073 CET	1.1.1.1	192.168.2.8	0x6f07	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:38:59.732392073 CET	1.1.1.1	192.168.2.8	0x6f07	No error (0)	dual.s-part-0017.t-0009.fb-t-msedge.net	s-part-0017.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 15:38:59.732392073 CET	1.1.1.1	192.168.2.8	0x6f07	No error (0)	s-part-0017.t-0009.fb-t-msedge.net		13.107.253.45	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:39:02.849539995 CET	1.1.1.1	192.168.2.8	0x6870	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 29, 2024 15:39:02.849539995 CET	1.1.1.1	192.168.2.8	0x6870	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.lodop.net

https:

hm.baidu.com

fs.microsoft.com

otelrules.azureedge.net

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Oct 29, 2024 15:38:10.914098978 CET	111.45.3.198	443	192.168.2.8	49735	CN=baidu.com, O="Beijing Baidu Netcom Science Technology Co., Ltd", L=beijing, ST=beijing, C=CN CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3	CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Mon Jul 08 03:41:02 CEST 2024 Wed Nov 21 01:00:00 CET 2018 Wed Sep 19 02:00:00 CEST 2018	Sat Aug 09 03:41:01 CEST 2025 Tue Nov 21 01:00:00 CET 2028 Fri Jan 28 13:00:00 CET 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,51-5-17513-10-43-65281-23-18-0-16-65037-27-45-11-35-13-21,29-23-24,0	2e0c0ee371c756ea0f5b426741b4d3e5
					CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3	Wed Nov 21 01:00:00 CET 2018	Tue Nov 21 01:00:00 CET 2028
					CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Sep 19 02:00:00 CEST 2018	Fri Jan 28 13:00:00 CET 2028

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49709	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:49 UTC	656	OUT	GET / HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:50 UTC	244	IN	HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Wed, 17 Aug 2022 01:39:31 GMT Accept-Ranges: bytes ETag: "82943032dab1d81:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:50 GMT Connection: close Content-Length: 7463
2024-10-29 14:37:50 UTC	7463	IN	Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4c 6f 64 6f 70 e5 92 8c 43 2d 4c 6f 64 6f 70 e5 ae 98 e7 bd 91 e4 b8 bb e7 ab 99 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 4c 6f 64 6f 70 2c 43 2d 4c 6f 64 6f 70 2c e6 89 93 e5 8d b0 e6 8e a7 e4 bb b6 2c 57 45 42 e6 89 93 e5 8d b0 2c 43 2d 4c 6f 64 6f 70 2c 43 4c 6f 64 6f 70 2c 6c 6f 64 6f 70 e6 8e Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>LodopC-Lodop</title> <meta name="keywords" content="Lodop,C-Lodop,,WEB,C-Lodop,CLodop,lodop

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49718	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:51 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-29 14:37:51 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=80217 Date: Tue, 29 Oct 2024 14:37:51 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49717	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:51 UTC	537	OUT	GET /css/main.css HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:52 UTC	244	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Wed, 22 May 2019 07:28:49 GMT Accept-Ranges: bytes ETag: "cd8addff6f10d51:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:52 GMT Connection: close Content-Length: 12239
2024-10-29 14:37:52 UTC	12239	IN	Data Raw: 2f 2a 20 e5 85 a8 e5 b1 80 20 2a 2f 0a 62 6f 64 79 2c 20 66 6f 72 6d 2c 20 70 2c 20 75 6c 2c 20 64 6c 2c 20 69 6e 70 75 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 37 66 37 66 37 3b 0a 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 66 6f 6e 74 3a 20 31 32 70 78 2f 31 38 70 78 20 22 73 61 6e 73 20 73 65 72 69 66 22 2c 74 61 68 6f 6d 61 2c 76 65 72 64 61 6e 61 2c 68 65 6c 76 65 74 69 63 61 3b 0a 7d 0a 64 69 76 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 7d 0a 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 34 2c 20 68 35 2c 20 68 36 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 3b 0a 7d 0a 61 20 7b 0a 09 74 Data Ascii: /* */body, form, p, ul, dl, input, textarea {margin: 0;padding: 0;}body {background: #f7f7f7;color: #333;font: 12px/18px "sans serif",tahoma,verdana,helvetica;}div {margin: auto;}h1, h2, h3, h4, h5, h6 {margin: 10px 0;}a {t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49714	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:52 UTC	541	OUT	GET /css/prettify.css HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:52 UTC	242	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Tue, 28 Mar 2017 08:56:05 GMT Accept-Ranges: bytes ETag: "14224b22a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:52 GMT Connection: close Content-Length: 938
2024-10-29 14:37:52 UTC	938	IN	Data Raw: 2f 2a 20 50 72 65 74 74 79 20 70 72 69 6e 74 69 6e 67 20 73 74 79 6c 65 73 2e 20 55 73 65 64 20 77 69 74 68 20 70 72 65 74 74 69 66 79 2e 6a 73 2e 20 2a 2f 0a 0a 2e 73 74 72 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 38 30 3b 20 7d 0a 2e 6b 77 64 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 38 3b 20 7d 0a 2e 63 6f 6d 20 7b 20 63 6f 6c 6f 72 3a 20 23 38 30 30 3b 20 7d 0a 2e 74 79 70 20 7b 20 63 6f 6c 6f 72 3a 20 23 36 30 36 3b 20 7d 0a 2e 6c 69 74 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 36 36 3b 20 7d 0a 2e 70 75 6e 20 7b 20 63 6f 6c 6f 72 3a 20 23 36 36 30 3b 20 7d 0a 2e 70 6c 6e 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 20 7d 0a 2e 74 61 67 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 38 3b 20 7d 0a 2e 61 74 6e 20 7b 20 63 6f 6c 6f 72 3a 20 23 36 30 36 3b 20 7d 0a 2e 61 74 Data Ascii: /* Pretty printing styles. Used with prettify.js. */.str { color: #080; }.kwd { color: #008; }.com { color: #800; }.typ { color: #606; }.lit { color: #066; }.pun { color: #660; }.pln { color: #000; }.tag { color: #008; }.atn { color: #606; }.at

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49719	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:52 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-29 14:37:52 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=80270 Date: Tue, 29 Oct 2024 14:37:52 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-29 14:37:52 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49715	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:53 UTC	540	OUT	GET /css/default.css HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:53 UTC	244	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Tue, 28 Mar 2017 08:56:05 GMT Accept-Ranges: bytes ETag: "1ad51d22a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:53 GMT Connection: close Content-Length: 20799
2024-10-29 14:37:53 UTC	16140	IN	Data Raw: 2f 2a 20 63 6f 6d 6d 6f 6e 20 2a 2f 0a 2e 6b 65 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 73 74 61 63 6b 3b 0a 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 7a 6f 6f 6d 3a 20 31 3b 0a 09 2a 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 7d 0a 2e 6b 65 2d 63 6c 65 61 72 66 69 78 20 7b 0a 09 7a 6f 6f 6d 3a 20 31 3b 0a 7d 0a 2e 6b 65 2d 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 20 7b 0a 09 63 6f 6e 74 65 6e 74 3a 20 22 2e 22 3b 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 3b 0a 09 68 65 69 67 Data Ascii: /* common /.ke-inline-block {display: -moz-inline-stack;display: inline-block;vertical-align: middle;zoom: 1;display: inline;}.ke-clearfix {zoom: 1;}.ke-clearfix:after {content: ".";display: block;clear: both;font-size: 0;heig
2024-10-29 14:37:53 UTC	4659	IN	Data Raw: 69 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 41 30 41 30 41 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 30 46 30 45 45 3b 0a 09 6d 61 72 67 69 6e 3a 20 30 20 32 70 78 20 2d 31 70 78 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 3b 0a 09 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 63 6f 6c 6f 72 3a 20 23 35 35 35 35 35 35 3b 0a 09 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 7d 0a 2e 6b 65 2d 74 61 62 73 2d 6c 69 2d 73 65 6c 65 63 74 65 64 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a Data Ascii: i {position: relative;border: 1px solid #A0A0A0;background-color: #F0F0EE;margin: 0 2px -1px 0;padding: 0 20px;float: left;line-height: 25px;text-align: center;color: #555555;cursor: pointer;}.ke-tabs-li-selected {background-color:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49710	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:55 UTC	525	OUT	GET /push_tongji.js HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:55 UTC	257	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript Last-Modified: Sun, 21 May 2017 07:06:48 GMT Accept-Ranges: bytes ETag: "fbd233d00d2d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:55 GMT Connection: close Content-Length: 809
2024-10-29 14:37:55 UTC	809	IN	Data Raw: 0d 0a 76 61 72 20 5f 68 6d 74 20 3d 20 5f 68 6d 74 20 7c 7c 20 5b 5d 3b 0d 0a 0a 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 0d 0a 76 61 72 20 68 6d 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0a 20 20 0d 0a 68 6d 2e 73 72 63 20 3d 20 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 30 63 62 35 30 38 64 37 39 63 66 39 62 33 36 32 66 62 66 65 32 35 33 66 32 33 64 61 39 36 39 64 22 3b 0a 20 20 0d 0a 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 20 0a 20 20 0d 0a 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 68 6d Data Ascii: var _hmt = _hmt \|\| [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49720	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:55 UTC	583	OUT	GET /png/logo.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:56 UTC	245	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 02 Feb 2018 11:42:24 GMT Accept-Ranges: bytes ETag: "8784fbe41a9cd31:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:55 GMT Connection: close Content-Length: 10742
2024-10-29 14:37:56 UTC	10742	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 22 08 06 00 00 00 1a 87 96 7a 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 04 67 41 4d 41 00 00 b1 8e 7c fb 51 93 00 00 00 20 63 48 52 4d 00 00 7a 25 00 00 80 83 00 00 f9 ff 00 00 80 e9 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 6f 92 5f c5 46 00 00 29 6c 49 44 41 54 78 da bc 7d 79 9c 14 d5 bd ef f7 9c aa ea 95 d9 99 99 ae 06 61 40 59 54 14 93 a0 51 49 c0 a0 11 89 7b 9e e4 b9 25 28 8e 42 22 5c 85 08 17 1d 18 18 76 71 43 4d ae 4f 36 89 12 a3 c2 43 2f f7 fa 10 7d 9a 3c fc 10 05 84 04 bd 8a 32 03 82 33 d3 cb 2c 3d 5b af 55 75 ce b9 7f 4c 57 5b 5d d3 3d 33 78 73 df f9 7c fa 33 dd 55 a7 ea 6c bf f5 fb fb 9d 33 e4 cb e3 c7 45 43 63 10 9a c1 61 2f 84 10 90 de 2f 70 Data Ascii: PNGIHDR"zpHYsgAMA\|Q cHRMz%u0`:o_F)lIDATx}ya@YTQI{%(B"\vqCMO6C/}<23,=[UuLW[]=3xs\|3Ul3ECca//p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49726	14.215.183.79	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:57 UTC	547	OUT	GET /hm.js?0cb508d79cf9b362fbfe253f23da969d HTTP/1.1 Host: hm.baidu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:58 UTC	615	IN	HTTP/1.1 200 OK Cache-Control: max-age=0, must-revalidate Content-Length: 29898 Content-Type: application/javascript Date: Tue, 29 Oct 2024 14:37:57 GMT Etag: 336f0f202896a02f0654affadb2db6ed P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Server: apache Set-Cookie: HMACCOUNT=DA7661259EA8C1A9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT Set-Cookie: HMACCOUNT_BFESS=DA7661259EA8C1A9; Path=/; Domain=hm.baidu.com; Expires=Mon, 18 Jan 2038 00:00:00 GMT; Secure; SameSite=None Strict-Transport-Security: max-age=172800 Connection: close
2024-10-29 14:37:58 UTC	564	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 7b 7d 2c 6d 74 3d 7b 7d 2c 63 3d 7b 69 64 3a 22 30 63 62 35 30 38 64 37 39 63 66 39 62 33 36 32 66 62 66 65 32 35 33 66 32 33 64 61 39 36 39 64 22 2c 64 6d 3a 5b 22 6c 6f 64 6f 70 2e 6e 65 74 2e 63 6e 22 5d 2c 6a 73 3a 22 74 6f 6e 67 6a 69 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2d 77 65 62 2f 6a 73 2f 22 2c 65 74 72 6b 3a 5b 5d 2c 63 65 74 72 6b 3a 5b 5d 2c 63 70 74 72 6b 3a 5b 5d 2c 69 63 6f 6e 3a 27 27 2c 63 74 72 6b 3a 5b 5d 2c 76 64 75 72 3a 31 38 30 30 30 30 30 2c 61 67 65 3a 33 31 35 33 36 30 30 30 30 30 30 2c 71 69 61 6f 3a 30 2c 70 74 3a 30 2c 73 70 61 3a 30 2c 61 65 74 3a 27 27 2c 68 63 61 3a 27 44 41 37 36 36 31 32 35 39 45 41 38 43 31 41 39 27 2c 61 62 3a 27 30 27 2c 76 3a 31 7d 3b 76 61 72 Data Ascii: (function(){var h={},mt={},c={id:"0cb508d79cf9b362fbfe253f23da969d",dm:["lodop.net.cn"],js:"tongji.baidu.com/hm-web/js/",etrk:[],cetrk:[],cptrk:[],icon:'',ctrk:[],vdur:1800000,age:31536000000,qiao:0,pt:0,spa:0,aet:'',hca:'DA7661259EA8C1A9',ab:'0',v:1};var
2024-10-29 14:37:58 UTC	449	IN	Data Raw: 22 28 5e 7c 20 29 22 2b 65 2b 22 3d 28 5b 5e 3b 5d 2a 29 28 3b 7c 24 29 22 29 2e 65 78 65 63 28 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 29 29 3f 65 5b 32 5d 3a 75 7d 3b 0a 6d 74 2e 63 6f 6f 6b 69 65 2e 72 62 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 74 72 79 7b 76 61 72 20 62 3d 22 48 6d 5f 63 6b 5f 22 2b 20 2b 6e 65 77 20 44 61 74 65 3b 6d 74 2e 63 6f 6f 6b 69 65 2e 73 65 74 28 62 2c 22 34 32 22 2c 7b 64 6f 6d 61 69 6e 3a 65 2c 70 61 74 68 3a 61 2c 43 3a 73 7d 29 3b 76 61 72 20 6b 3d 22 34 32 22 3d 3d 3d 6d 74 2e 63 6f 6f 6b 69 65 2e 67 65 74 28 62 29 3f 22 31 22 3a 22 30 22 3b 6d 74 2e 63 6f 6f 6b 69 65 2e 73 65 74 28 62 2c 22 22 2c 7b 64 6f 6d 61 69 6e 3a 65 2c 70 61 74 68 3a 61 2c 43 3a 2d 31 7d 29 3b 72 65 74 75 72 6e 20 6b 7d 63 61 74 63 68 Data Ascii: "(^\| )"+e+"=([^;]*)(;\|$)").exec(document.cookie))?e[2]:u};mt.cookie.rb=function(e,a){try{var b="Hm_ck_"+ +new Date;mt.cookie.set(b,"42",{domain:e,path:a,C:s});var k="42"===mt.cookie.get(b)?"1":"0";mt.cookie.set(b,"",{domain:e,path:a,C:-1});return k}catch
2024-10-29 14:37:58 UTC	3537	IN	Data Raw: 74 3b 6d 74 2e 6c 61 6e 67 3d 7b 7d 3b 6d 74 2e 6c 61 6e 67 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 5b 6f 62 6a 65 63 74 20 22 2b 62 2b 22 5d 22 3d 3d 3d 7b 7d 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 61 29 7d 3b 6d 74 2e 6c 61 6e 67 2e 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6d 74 2e 6c 61 6e 67 2e 69 28 61 2c 22 46 75 6e 63 74 69 6f 6e 22 29 7d 3b 6d 74 2e 6c 61 6e 67 2e 4a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6d 74 2e 6c 61 6e 67 2e 69 28 61 2c 22 4f 62 6a 65 63 74 22 29 7d 3b 6d 74 2e 6c 61 6e 67 2e 58 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6d 74 2e 6c 61 6e 67 2e 69 28 61 2c 22 4e 75 6d 62 65 72 22 29 26 26 69 73 46 69 6e 69 74 65 28 61 29 7d 3b Data Ascii: t;mt.lang={};mt.lang.i=function(a,b){return"[object "+b+"]"==={}.toString.call(a)};mt.lang.j=function(a){return mt.lang.i(a,"Function")};mt.lang.J=function(a){return mt.lang.i(a,"Object")};mt.lang.Xb=function(a){return mt.lang.i(a,"Number")&&isFinite(a)};
2024-10-29 14:37:58 UTC	4716	IN	Data Raw: 70 3c 65 3b 70 2b 2b 29 7b 76 61 72 20 6e 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 70 5d 3b 69 66 28 6e 2e 6e 6f 64 65 4e 61 6d 65 3d 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 26 26 28 67 2b 2b 2c 6e 3d 3d 3d 62 26 26 28 6c 3d 67 29 2c 30 3c 6c 26 26 31 3c 67 29 29 62 72 65 61 6b 7d 69 66 28 28 65 3d 22 22 21 3d 3d 62 2e 69 64 29 26 26 61 29 7b 64 2e 75 6e 73 68 69 66 74 28 22 23 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 2e 69 64 29 29 3b 62 72 65 61 6b 7d 65 6c 73 65 20 65 26 26 28 65 3d 22 23 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 2e 69 64 29 2c 65 3d 30 3c 64 2e 6c 65 6e 67 74 68 3f 65 2b 22 3e 22 2b 64 2e 6a 6f 69 6e 28 22 3e 22 29 3a 65 2c 66 2e 70 75 73 68 28 65 29 29 2c Data Ascii: p<e;p++){var n=b.parentNode.childNodes[p];if(n.nodeName===b.nodeName&&(g++,n===b&&(l=g),0<l&&1<g))break}if((e=""!==b.id)&&a){d.unshift("#"+encodeURIComponent(b.id));break}else e&&(e="#"+encodeURIComponent(b.id),e=0<d.length?e+">"+d.join(">"):e,f.push(e)),
2024-10-29 14:37:58 UTC	4779	IN	Data Raw: 5c 66 22 3a 22 5c 5c 66 22 2c 22 5c 72 22 3a 22 5c 5c 72 22 2c 27 22 27 3a 27 5c 5c 22 27 2c 22 5c 5c 22 3a 22 5c 5c 5c 5c 22 7d 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 62 29 7b 63 61 73 65 20 22 75 6e 64 65 66 69 6e 65 64 22 3a 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 62 29 3f 53 74 72 69 6e 67 28 62 29 3a 22 6e 75 6c 6c 22 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a 72 65 74 75 72 6e 20 65 28 62 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 53 74 72 69 6e 67 28 62 29 3b 0a 64 65 66 61 75 6c 74 3a 69 66 28 62 3d 3d 3d 75 29 72 65 74 75 72 6e 22 6e 75 6c 6c 22 3b 69 Data Ascii: \f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"};return function(b){switch(typeof b){case "undefined":return"undefined";case "number":return isFinite(b)?String(b):"null";case "string":return e(b);case "boolean":return String(b);default:if(b===u)return"null";i
2024-10-29 14:37:58 UTC	2896	IN	Data Raw: 2e 62 61 69 64 75 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 74 6f 6e 67 6a 69 2f 70 6c 75 67 69 6e 73 2f 22 2c 6e 61 3a 5b 22 55 72 6c 43 68 61 6e 67 65 54 72 61 63 6b 65 72 22 5d 2c 4f 62 3a 7b 61 63 3a 30 2c 6a 63 3a 31 2c 59 62 3a 32 7d 2c 5a 62 3a 22 68 74 74 70 73 3a 2f 2f 66 63 6c 6f 67 2e 62 61 69 64 75 2e 63 6f 6d 2f 6c 6f 67 2f 6f 63 70 63 61 67 6c 3f 74 79 70 65 3d 62 65 68 61 76 69 6f 72 26 65 6d 64 3d 65 75 63 22 7d 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 74 3a 7b 7d 2c 63 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 74 5b 61 5d 3d 74 68 69 73 2e 74 5b 61 5d 7c 7c 5b 5d 3b 74 68 69 73 2e 74 5b 61 5d 2e 70 75 73 68 28 62 29 7d 2c 6b 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 74 5b 61 5d 3d 74 68 Data Ascii: .baidu.com/static/tongji/plugins/",na:["UrlChangeTracker"],Ob:{ac:0,jc:1,Yb:2},Zb:"https://fclog.baidu.com/log/ocpcagl?type=behavior&emd=euc"};(function(){var e={t:{},c:function(a,b){this.t[a]=this.t[a]\|\|[];this.t[a].push(b)},k:function(a,b){this.t[a]=th
2024-10-29 14:37:58 UTC	8253	IN	Data Raw: 3b 6b 3c 6c 3b 6b 2b 2b 29 67 5b 62 5d 3d 22 22 2c 2f 5c 5b 31 5c 5d 24 2f 2e 74 65 73 74 28 62 29 26 26 28 67 5b 62 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 62 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 5b 22 29 29 5d 3d 22 22 29 2c 2f 5c 5d 24 2f 2e 74 65 73 74 28 62 29 7c 7c 0a 28 67 5b 62 2b 22 5b 31 5d 22 5d 3d 22 22 29 2c 62 3d 62 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 62 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 3e 22 29 29 3b 61 26 26 28 65 2e 4a 28 61 29 26 26 61 2e 62 61 29 26 26 61 2e 62 61 28 67 29 7d 2c 7a 62 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 28 65 2e 74 61 72 67 65 74 7c 7c 65 2e 73 72 63 45 6c 65 6d 65 6e 74 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 61 2e 50 2c 65 2e 63 6c Data Ascii: ;k<l;k++)g[b]="",/\[1\]$/.test(b)&&(g[b.substring(0,b.lastIndexOf("["))]=""),/\]$/.test(b)\|\|(g[b+"[1]"]=""),b=b.substring(0,b.lastIndexOf(">"));a&&(e.J(a)&&a.ba)&&a.ba(g)},zb:function(a,b){return function(e){(e.target\|\|e.srcElement).setAttribute(a.P,e.cl
2024-10-29 14:37:58 UTC	4704	IN	Data Raw: 76 61 72 20 61 2c 62 2c 65 2c 66 3b 6d 2e 6b 61 3d 70 2e 67 65 74 44 61 74 61 28 22 48 6d 5f 6c 70 76 74 5f 22 2b 63 2e 69 64 29 7c 7c 30 3b 69 66 28 66 3d 0a 70 2e 67 65 74 44 61 74 61 28 22 48 6d 5f 6c 76 74 5f 22 2b 63 2e 69 64 29 29 7b 66 6f 72 28 62 3d 66 2e 73 70 6c 69 74 28 22 2c 22 29 3b 32 35 39 32 45 33 3c 6d 2e 42 2d 62 5b 30 5d 3b 29 62 2e 73 68 69 66 74 28 29 3b 65 3d 34 3e 62 2e 6c 65 6e 67 74 68 3f 32 3a 33 3b 66 6f 72 28 6d 2e 42 2d 6d 2e 6b 61 3e 63 2e 76 64 75 72 26 26 62 2e 70 75 73 68 28 6d 2e 42 29 3b 34 3c 62 2e 6c 65 6e 67 74 68 3b 29 62 2e 73 68 69 66 74 28 29 3b 66 3d 62 2e 6a 6f 69 6e 28 22 2c 22 29 3b 62 3d 62 5b 62 2e 6c 65 6e 67 74 68 2d 31 5d 7d 65 6c 73 65 20 66 3d 6d 2e 42 2c 62 3d 22 22 2c 65 3d 31 3b 74 68 69 73 2e 6e 62 Data Ascii: var a,b,e,f;m.ka=p.getData("Hm_lpvt_"+c.id)\|\|0;if(f=p.getData("Hm_lvt_"+c.id)){for(b=f.split(",");2592E3<m.B-b[0];)b.shift();e=4>b.length?2:3;for(m.B-m.ka>c.vdur&&b.push(m.B);4<b.length;)b.shift();f=b.join(",");b=b[b.length-1]}else f=m.B,b="",e=1;this.nb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49725	14.215.183.79	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:57 UTC	547	OUT	GET /hm.js?f77310fb1e9bd277ac94694a069bd4e9 HTTP/1.1 Host: hm.baidu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:58 UTC	615	IN	HTTP/1.1 200 OK Cache-Control: max-age=0, must-revalidate Content-Length: 29897 Content-Type: application/javascript Date: Tue, 29 Oct 2024 14:37:57 GMT Etag: b743e0dfa212786c54e5963cc289a362 P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Server: apache Set-Cookie: HMACCOUNT=F23A71B5E5FEC086; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT Set-Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086; Path=/; Domain=hm.baidu.com; Expires=Mon, 18 Jan 2038 00:00:00 GMT; Secure; SameSite=None Strict-Transport-Security: max-age=172800 Connection: close
2024-10-29 14:37:58 UTC	564	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 7b 7d 2c 6d 74 3d 7b 7d 2c 63 3d 7b 69 64 3a 22 66 37 37 33 31 30 66 62 31 65 39 62 64 32 37 37 61 63 39 34 36 39 34 61 30 36 39 62 64 34 65 39 22 2c 64 6d 3a 5b 22 63 2d 6c 6f 64 6f 70 2e 63 6f 6d 22 5d 2c 6a 73 3a 22 74 6f 6e 67 6a 69 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2d 77 65 62 2f 6a 73 2f 22 2c 65 74 72 6b 3a 5b 5d 2c 63 65 74 72 6b 3a 5b 5d 2c 63 70 74 72 6b 3a 5b 5d 2c 69 63 6f 6e 3a 27 27 2c 63 74 72 6b 3a 5b 5d 2c 76 64 75 72 3a 31 38 30 30 30 30 30 2c 61 67 65 3a 33 31 35 33 36 30 30 30 30 30 30 2c 71 69 61 6f 3a 30 2c 70 74 3a 30 2c 73 70 61 3a 30 2c 61 65 74 3a 27 27 2c 68 63 61 3a 27 46 32 33 41 37 31 42 35 45 35 46 45 43 30 38 36 27 2c 61 62 3a 27 30 27 2c 76 3a 31 7d 3b 76 61 72 20 Data Ascii: (function(){var h={},mt={},c={id:"f77310fb1e9bd277ac94694a069bd4e9",dm:["c-lodop.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],cetrk:[],cptrk:[],icon:'',ctrk:[],vdur:1800000,age:31536000000,qiao:0,pt:0,spa:0,aet:'',hca:'F23A71B5E5FEC086',ab:'0',v:1};var
2024-10-29 14:37:58 UTC	449	IN	Data Raw: 28 5e 7c 20 29 22 2b 65 2b 22 3d 28 5b 5e 3b 5d 2a 29 28 3b 7c 24 29 22 29 2e 65 78 65 63 28 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 29 29 3f 65 5b 32 5d 3a 75 7d 3b 0a 6d 74 2e 63 6f 6f 6b 69 65 2e 72 62 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 74 72 79 7b 76 61 72 20 62 3d 22 48 6d 5f 63 6b 5f 22 2b 20 2b 6e 65 77 20 44 61 74 65 3b 6d 74 2e 63 6f 6f 6b 69 65 2e 73 65 74 28 62 2c 22 34 32 22 2c 7b 64 6f 6d 61 69 6e 3a 65 2c 70 61 74 68 3a 61 2c 43 3a 73 7d 29 3b 76 61 72 20 6b 3d 22 34 32 22 3d 3d 3d 6d 74 2e 63 6f 6f 6b 69 65 2e 67 65 74 28 62 29 3f 22 31 22 3a 22 30 22 3b 6d 74 2e 63 6f 6f 6b 69 65 2e 73 65 74 28 62 2c 22 22 2c 7b 64 6f 6d 61 69 6e 3a 65 2c 70 61 74 68 3a 61 2c 43 3a 2d 31 7d 29 3b 72 65 74 75 72 6e 20 6b 7d 63 61 74 63 68 28 Data Ascii: (^\| )"+e+"=([^;]*)(;\|$)").exec(document.cookie))?e[2]:u};mt.cookie.rb=function(e,a){try{var b="Hm_ck_"+ +new Date;mt.cookie.set(b,"42",{domain:e,path:a,C:s});var k="42"===mt.cookie.get(b)?"1":"0";mt.cookie.set(b,"",{domain:e,path:a,C:-1});return k}catch(
2024-10-29 14:37:58 UTC	3537	IN	Data Raw: 3b 6d 74 2e 6c 61 6e 67 3d 7b 7d 3b 6d 74 2e 6c 61 6e 67 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 5b 6f 62 6a 65 63 74 20 22 2b 62 2b 22 5d 22 3d 3d 3d 7b 7d 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 61 29 7d 3b 6d 74 2e 6c 61 6e 67 2e 6a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6d 74 2e 6c 61 6e 67 2e 69 28 61 2c 22 46 75 6e 63 74 69 6f 6e 22 29 7d 3b 6d 74 2e 6c 61 6e 67 2e 4a 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6d 74 2e 6c 61 6e 67 2e 69 28 61 2c 22 4f 62 6a 65 63 74 22 29 7d 3b 6d 74 2e 6c 61 6e 67 2e 58 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6d 74 2e 6c 61 6e 67 2e 69 28 61 2c 22 4e 75 6d 62 65 72 22 29 26 26 69 73 46 69 6e 69 74 65 28 61 29 7d 3b 6d Data Ascii: ;mt.lang={};mt.lang.i=function(a,b){return"[object "+b+"]"==={}.toString.call(a)};mt.lang.j=function(a){return mt.lang.i(a,"Function")};mt.lang.J=function(a){return mt.lang.i(a,"Object")};mt.lang.Xb=function(a){return mt.lang.i(a,"Number")&&isFinite(a)};m
2024-10-29 14:37:58 UTC	4716	IN	Data Raw: 3c 65 3b 70 2b 2b 29 7b 76 61 72 20 6e 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 70 5d 3b 69 66 28 6e 2e 6e 6f 64 65 4e 61 6d 65 3d 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 26 26 28 67 2b 2b 2c 6e 3d 3d 3d 62 26 26 28 6c 3d 67 29 2c 30 3c 6c 26 26 31 3c 67 29 29 62 72 65 61 6b 7d 69 66 28 28 65 3d 22 22 21 3d 3d 62 2e 69 64 29 26 26 61 29 7b 64 2e 75 6e 73 68 69 66 74 28 22 23 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 2e 69 64 29 29 3b 62 72 65 61 6b 7d 65 6c 73 65 20 65 26 26 28 65 3d 22 23 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 2e 69 64 29 2c 65 3d 30 3c 64 2e 6c 65 6e 67 74 68 3f 65 2b 22 3e 22 2b 64 2e 6a 6f 69 6e 28 22 3e 22 29 3a 65 2c 66 2e 70 75 73 68 28 65 29 29 2c 64 Data Ascii: <e;p++){var n=b.parentNode.childNodes[p];if(n.nodeName===b.nodeName&&(g++,n===b&&(l=g),0<l&&1<g))break}if((e=""!==b.id)&&a){d.unshift("#"+encodeURIComponent(b.id));break}else e&&(e="#"+encodeURIComponent(b.id),e=0<d.length?e+">"+d.join(">"):e,f.push(e)),d
2024-10-29 14:37:58 UTC	4779	IN	Data Raw: 66 22 3a 22 5c 5c 66 22 2c 22 5c 72 22 3a 22 5c 5c 72 22 2c 27 22 27 3a 27 5c 5c 22 27 2c 22 5c 5c 22 3a 22 5c 5c 5c 5c 22 7d 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 62 29 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 62 29 7b 63 61 73 65 20 22 75 6e 64 65 66 69 6e 65 64 22 3a 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 74 65 28 62 29 3f 53 74 72 69 6e 67 28 62 29 3a 22 6e 75 6c 6c 22 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a 72 65 74 75 72 6e 20 65 28 62 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 53 74 72 69 6e 67 28 62 29 3b 0a 64 65 66 61 75 6c 74 3a 69 66 28 62 3d 3d 3d 75 29 72 65 74 75 72 6e 22 6e 75 6c 6c 22 3b 69 66 Data Ascii: f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"};return function(b){switch(typeof b){case "undefined":return"undefined";case "number":return isFinite(b)?String(b):"null";case "string":return e(b);case "boolean":return String(b);default:if(b===u)return"null";if
2024-10-29 14:37:58 UTC	2896	IN	Data Raw: 62 61 69 64 75 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 74 6f 6e 67 6a 69 2f 70 6c 75 67 69 6e 73 2f 22 2c 6e 61 3a 5b 22 55 72 6c 43 68 61 6e 67 65 54 72 61 63 6b 65 72 22 5d 2c 4f 62 3a 7b 61 63 3a 30 2c 6a 63 3a 31 2c 59 62 3a 32 7d 2c 5a 62 3a 22 68 74 74 70 73 3a 2f 2f 66 63 6c 6f 67 2e 62 61 69 64 75 2e 63 6f 6d 2f 6c 6f 67 2f 6f 63 70 63 61 67 6c 3f 74 79 70 65 3d 62 65 68 61 76 69 6f 72 26 65 6d 64 3d 65 75 63 22 7d 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 74 3a 7b 7d 2c 63 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 74 5b 61 5d 3d 74 68 69 73 2e 74 5b 61 5d 7c 7c 5b 5d 3b 74 68 69 73 2e 74 5b 61 5d 2e 70 75 73 68 28 62 29 7d 2c 6b 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 74 5b 61 5d 3d 74 68 69 Data Ascii: baidu.com/static/tongji/plugins/",na:["UrlChangeTracker"],Ob:{ac:0,jc:1,Yb:2},Zb:"https://fclog.baidu.com/log/ocpcagl?type=behavior&emd=euc"};(function(){var e={t:{},c:function(a,b){this.t[a]=this.t[a]\|\|[];this.t[a].push(b)},k:function(a,b){this.t[a]=thi
2024-10-29 14:37:58 UTC	2896	IN	Data Raw: 6b 3c 6c 3b 6b 2b 2b 29 67 5b 62 5d 3d 22 22 2c 2f 5c 5b 31 5c 5d 24 2f 2e 74 65 73 74 28 62 29 26 26 28 67 5b 62 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 62 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 5b 22 29 29 5d 3d 22 22 29 2c 2f 5c 5d 24 2f 2e 74 65 73 74 28 62 29 7c 7c 0a 28 67 5b 62 2b 22 5b 31 5d 22 5d 3d 22 22 29 2c 62 3d 62 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 62 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 22 3e 22 29 29 3b 61 26 26 28 65 2e 4a 28 61 29 26 26 61 2e 62 61 29 26 26 61 2e 62 61 28 67 29 7d 2c 7a 62 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 28 65 2e 74 61 72 67 65 74 7c 7c 65 2e 73 72 63 45 6c 65 6d 65 6e 74 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 61 2e 50 2c 65 2e 63 6c 69 Data Ascii: k<l;k++)g[b]="",/\[1\]$/.test(b)&&(g[b.substring(0,b.lastIndexOf("["))]=""),/\]$/.test(b)\|\|(g[b+"[1]"]=""),b=b.substring(0,b.lastIndexOf(">"));a&&(e.J(a)&&a.ba)&&a.ba(g)},zb:function(a,b){return function(e){(e.target\|\|e.srcElement).setAttribute(a.P,e.cli
2024-10-29 14:37:58 UTC	4344	IN	Data Raw: 3d 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 31 30 30 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2c 64 3d 22 22 3b 69 66 28 62 20 69 6e 20 61 29 64 3d 62 3b 65 6c 73 65 20 66 6f 72 28 76 61 72 20 6d 3d 5b 22 77 65 62 6b 69 74 22 2c 22 6d 73 22 2c 22 6d 6f 7a 22 2c 22 6f 22 5d 2c 65 3d 30 3b 65 3c 6d 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 66 3d 6d 5b 65 5d 2b 62 2e 63 68 61 72 41 74 28 30 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 2b 62 2e 73 6c 69 63 65 28 31 29 3b 69 66 28 66 20 69 6e 20 61 29 7b 64 3d 66 3b 62 72 65 61 6b 7d 7d 72 65 74 75 72 6e 20 64 7d 0a 66 75 6e 63 74 69 6f 6e 20 6b 28 62 29 7b 69 66 28 21 28 22 66 6f 63 75 73 22 3d 3d 62 2e 74 79 70 65 7c 7c 22 62 6c 75 72 22 3d 3d 62 2e 74 Data Ascii: =setTimeout(a,100)}function b(b){var a=document,d="";if(b in a)d=b;else for(var m=["webkit","ms","moz","o"],e=0;e<m.length;e++){var f=m[e]+b.charAt(0).toUpperCase()+b.slice(1);if(f in a){d=f;break}}return d}function k(b){if(!("focus"==b.type\|\|"blur"==b.t
2024-10-29 14:37:58 UTC	5716	IN	Data Raw: 61 6b 7d 7d 7d 2c 5f 72 65 71 75 69 72 65 50 6c 75 67 69 6e 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3c 0a 61 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 64 3d 77 69 6e 64 6f 77 2e 5f 68 6d 74 2c 65 3d 61 5b 31 5d 2c 67 3d 61 5b 32 5d 7c 7c 7b 7d 3b 69 66 28 62 2e 58 28 66 2e 6e 61 2c 65 29 29 69 66 28 64 2e 70 6c 75 67 69 6e 73 3d 64 2e 70 6c 75 67 69 6e 73 7c 7c 7b 7d 2c 64 2e 7a 3d 64 2e 7a 7c 7c 7b 7d 2c 64 2e 70 6c 75 67 69 6e 73 5b 65 5d 26 26 21 64 2e 7a 5b 65 5d 29 64 2e 7a 5b 65 5d 3d 6e 65 77 20 64 2e 70 6c 75 67 69 6e 73 5b 65 5d 28 67 29 3b 65 6c 73 65 7b 64 2e 6c 3d 64 2e 6c 7c 7c 5b 5d 3b 66 6f 72 28 76 61 72 20 67 3d 30 2c 6b 3d 64 2e 6c 2e 6c 65 6e 67 74 68 3b 67 3c 6b 3b 67 2b 2b 29 69 66 28 64 2e 6c 5b 67 5d 5b 31 5d 3d 3d 3d 65 29 Data Ascii: ak}}},_requirePlugin:function(a){if(1<a.length){var d=window._hmt,e=a[1],g=a[2]\|\|{};if(b.X(f.na,e))if(d.plugins=d.plugins\|\|{},d.z=d.z\|\|{},d.plugins[e]&&!d.z[e])d.z[e]=new d.plugins[e](g);else{d.l=d.l\|\|[];for(var g=0,k=d.l.length;g<k;g++)if(d.l[g][1]===e)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49721	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:57 UTC	607	OUT	GET /png/inner_top_middle.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:57 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "32c8bac4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:56 GMT Connection: close Content-Length: 2026
2024-10-29 14:37:57 UTC	2026	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 ca 00 00 00 14 08 03 00 00 00 62 6d 34 c4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRbm4tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49724	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:58 UTC	603	OUT	GET /png/inner_top_bg.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:58 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "42b5a7c4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:58 GMT Connection: close Content-Length: 1085
2024-10-29 14:37:58 UTC	1085	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 14 08 03 00 00 00 7b d0 a7 93 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR{tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49729	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:58 UTC	351	OUT	GET /push_tongji.js HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:58 UTC	257	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript Last-Modified: Sun, 21 May 2017 07:06:48 GMT Accept-Ranges: bytes ETag: "fbd233d00d2d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:58 GMT Connection: close Content-Length: 809
2024-10-29 14:37:58 UTC	809	IN	Data Raw: 0d 0a 76 61 72 20 5f 68 6d 74 20 3d 20 5f 68 6d 74 20 7c 7c 20 5b 5d 3b 0d 0a 0a 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 0d 0a 76 61 72 20 68 6d 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0a 20 20 0d 0a 68 6d 2e 73 72 63 20 3d 20 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 30 63 62 35 30 38 64 37 39 63 66 39 62 33 36 32 66 62 66 65 32 35 33 66 32 33 64 61 39 36 39 64 22 3b 0a 20 20 0d 0a 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 20 0a 20 20 0d 0a 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 68 6d Data Ascii: var _hmt = _hmt \|\| [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?0cb508d79cf9b362fbfe253f23da969d"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49723	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:58 UTC	601	OUT	GET /png/list_point.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:59 UTC	195	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:58 GMT Connection: close Content-Length: 5092
2024-10-29 14:37:59 UTC	5092	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 37 2e 35 20 e8 af a6 e7 bb 86 e9 94 99 e8 af af 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.5 - 404.0 - Not Found</title> <style type="text/css"> ... bod

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49727	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:58 UTC	600	OUT	GET /png/inner_top.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:59 UTC	195	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:59 GMT Connection: close Content-Length: 5090
2024-10-29 14:37:59 UTC	5090	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 37 2e 35 20 e8 af a6 e7 bb 86 e9 94 99 e8 af af 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.5 - 404.0 - Not Found</title> <style type="text/css"> ... bod

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49716	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:58 UTC	598	OUT	GET /png/body_bg.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:37:59 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:32 GMT Accept-Ranges: bytes ETag: "fcc08dc1a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:58 GMT Connection: close Content-Length: 1033
2024-10-29 14:37:59 UTC	1033	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 ca 00 00 00 01 08 03 00 00 00 31 76 a7 ec 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR1vtEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49722	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:37:59 UTC	583	OUT	GET /png/sina.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:00 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:41 GMT Accept-Ranges: bytes ETag: "1a2ba1c6a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:37:59 GMT Connection: close Content-Length: 2640
2024-10-29 14:38:00 UTC	2640	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 23 00 00 00 20 08 03 00 00 00 af 93 31 c5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR# 1tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49728	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:00 UTC	349	OUT	GET /png/logo.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:01 UTC	245	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 02 Feb 2018 11:42:24 GMT Accept-Ranges: bytes ETag: "8784fbe41a9cd31:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:00 GMT Connection: close Content-Length: 10742
2024-10-29 14:38:01 UTC	10742	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 22 08 06 00 00 00 1a 87 96 7a 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 04 67 41 4d 41 00 00 b1 8e 7c fb 51 93 00 00 00 20 63 48 52 4d 00 00 7a 25 00 00 80 83 00 00 f9 ff 00 00 80 e9 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 6f 92 5f c5 46 00 00 29 6c 49 44 41 54 78 da bc 7d 79 9c 14 d5 bd ef f7 9c aa ea 95 d9 99 99 ae 06 61 40 59 54 14 93 a0 51 49 c0 a0 11 89 7b 9e e4 b9 25 28 8e 42 22 5c 85 08 17 1d 18 18 76 71 43 4d ae 4f 36 89 12 a3 c2 43 2f f7 fa 10 7d 9a 3c fc 10 05 84 04 bd 8a 32 03 82 33 d3 cb 2c 3d 5b af 55 75 ce b9 7f 4c 57 5b 5d d3 3d 33 78 73 df f9 7c fa 33 dd 55 a7 ea 6c bf f5 fb fb 9d 33 e4 cb e3 c7 45 43 63 10 9a c1 61 2f 84 10 90 de 2f 70 Data Ascii: PNGIHDR"zpHYsgAMA\|Q cHRMz%u0`:o_F)lIDATx}ya@YTQI{%(B"\vqCMO6C/}<23,=[UuLW[]=3xs\|3Ul3ECca//p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49737	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:01 UTC	361	OUT	GET /png/inner_top_middle.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:01 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "32c8bac4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:00 GMT Connection: close Content-Length: 2026
2024-10-29 14:38:01 UTC	2026	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 ca 00 00 00 14 08 03 00 00 00 62 6d 34 c4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRbm4tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49731	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:01 UTC	603	OUT	GET /png/inner_top_bg.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:01 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "42b5a7c4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:00 GMT Connection: close Content-Length: 1085
2024-10-29 14:38:01 UTC	1085	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 14 08 03 00 00 00 7b d0 a7 93 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR{tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49738	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:01 UTC	581	OUT	GET /png/qq.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:03 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:40 GMT Accept-Ranges: bytes ETag: "7e4076c6a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:01 GMT Connection: close Content-Length: 2397
2024-10-29 14:38:03 UTC	2397	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 27 00 00 00 20 08 03 00 00 00 a6 78 91 bf 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR' xtEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49730	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:02 UTC	604	OUT	GET /png/header_common.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:03 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "34f445c4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:03 GMT Connection: close Content-Length: 1133
2024-10-29 14:38:03 UTC	1133	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 54 08 03 00 00 00 74 88 ad ff 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRTttEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49745	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:03 UTC	598	OUT	GET /png/body_bg.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:04 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:32 GMT Accept-Ranges: bytes ETag: "fcc08dc1a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:03 GMT Connection: close Content-Length: 1033
2024-10-29 14:38:04 UTC	1033	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 ca 00 00 00 01 08 03 00 00 00 31 76 a7 ec 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR1vtEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49734	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:03 UTC	604	OUT	GET /png/header_middle.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:04 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "82695bc4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:03 GMT Connection: close Content-Length: 6594
2024-10-29 14:38:04 UTC	6594	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 c0 00 00 00 54 08 03 00 00 00 7a 17 ae 61 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRTzatEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49748	14.215.183.79	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:04 UTC	880	OUT	GET /hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=132588249&si=0cb508d79cf9b362fbfe253f23da969d&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99 HTTP/1.1 Host: hm.baidu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086
2024-10-29 14:38:05 UTC	275	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=0, no-cache Content-Length: 43 Content-Type: image/gif Date: Tue, 29 Oct 2024 14:38:05 GMT Pragma: no-cache Server: apache Strict-Transport-Security: max-age=172800 X-Content-Type-Options: nosniff Connection: close
2024-10-29 14:38:05 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 01 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49747	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:05 UTC	606	OUT	GET /png/inner_slider_bg.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 14:38:06 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "52a294c4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:06 GMT Connection: close Content-Length: 1367
2024-10-29 14:38:06 UTC	1367	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 5b 08 03 00 00 00 85 de 1f 2a 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR[*tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49750	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:05 UTC	595	OUT	GET /png/sina.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:08 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:41 GMT Accept-Ranges: bytes ETag: "1a2ba1c6a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:08 GMT Connection: close Content-Length: 2640
2024-10-29 14:38:08 UTC	2640	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 23 00 00 00 20 08 03 00 00 00 af 93 31 c5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR# 1tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49744	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:05 UTC	593	OUT	GET /png/qq.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:05 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:40 GMT Accept-Ranges: bytes ETag: "7e4076c6a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:05 GMT Connection: close Content-Length: 2397
2024-10-29 14:38:05 UTC	2397	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 27 00 00 00 20 08 03 00 00 00 a6 78 91 bf 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR' xtEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49749	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:05 UTC	604	OUT	GET /png/header_common.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:06 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "34f445c4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:05 GMT Connection: close Content-Length: 1133
2024-10-29 14:38:06 UTC	1133	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 54 08 03 00 00 00 74 88 ad ff 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRTttEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49739	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:05 UTC	848	OUT	GET /png/body_bottom.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/css/main.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:07 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:32 GMT Accept-Ranges: bytes ETag: "ecd3a0c1a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:06 GMT Connection: close Content-Length: 1334
2024-10-29 14:38:07 UTC	1334	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 ca 00 00 00 0f 08 03 00 00 00 0b 7c c6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR\|tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49751	14.215.183.79	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:06 UTC	881	OUT	GET /hm.gif?hca=DA7661259EA8C1A9&cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=907&et=0&ja=0&ln=en-us&lo=0&rnd=1979009764&si=f77310fb1e9bd277ac94694a069bd4e9&v=1.3.2&lv=1&sn=23142&r=0&ww=1280&u=https%3A%2F%2Fwww.lodop.net%2F&tt=Lodop%E5%92%8CC-Lodop%E5%AE%98%E7%BD%91%E4%B8%BB%E7%AB%99 HTTP/1.1 Host: hm.baidu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086
2024-10-29 14:38:06 UTC	275	IN	HTTP/1.1 200 OK Cache-Control: private, max-age=0, no-cache Content-Length: 43 Content-Type: image/gif Date: Tue, 29 Oct 2024 14:38:06 GMT Pragma: no-cache Server: apache Strict-Transport-Security: max-age=172800 X-Content-Type-Options: nosniff Connection: close
2024-10-29 14:38:06 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 01 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49752	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:07 UTC	604	OUT	GET /png/header_middle.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:07 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "82695bc4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:06 GMT Connection: close Content-Length: 6594
2024-10-29 14:38:07 UTC	6594	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 c0 00 00 00 54 08 03 00 00 00 7a 17 ae 61 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDRTzatEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	60255	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:08 UTC	606	OUT	GET /png/inner_slider_bg.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:09 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:37 GMT Accept-Ranges: bytes ETag: "52a294c4a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:09 GMT Connection: close Content-Length: 1367
2024-10-29 14:38:09 UTC	1367	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 5b 08 03 00 00 00 85 de 1f 2a 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR[*tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	60256	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:09 UTC	828	OUT	GET /favicon.ico HTTP/1.1 Host: www.lodop.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.lodop.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:09 UTC	195	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:09 GMT Connection: close Content-Length: 5078
2024-10-29 14:38:09 UTC	5078	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 37 2e 35 20 e8 af a6 e7 bb 86 e9 94 99 e8 af af 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.5 - 404.0 - Not Found</title> <style type="text/css"> ... bod

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	60257	123.57.208.27	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:09 UTC	602	OUT	GET /png/body_bottom.png HTTP/1.1 Host: www.lodop.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; Hm_lpvt_0cb508d79cf9b362fbfe253f23da969d=1730212677; HMACCOUNT=DA7661259EA8C1A9; Hm_lvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677; Hm_lpvt_f77310fb1e9bd277ac94694a069bd4e9=1730212677
2024-10-29 14:38:10 UTC	244	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Tue, 28 Mar 2017 09:00:32 GMT Accept-Ranges: bytes ETag: "ecd3a0c1a1a7d21:0" Server: Microsoft-IIS/7.5 Date: Tue, 29 Oct 2024 14:38:10 GMT Connection: close Content-Length: 1334
2024-10-29 14:38:10 UTC	1334	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 ca 00 00 00 0f 08 03 00 00 00 0b 7c c6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 64 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 30 2d 63 30 36 30 20 36 31 2e 31 33 34 37 37 37 2c 20 32 30 31 30 2f 30 32 2f 31 32 2d 31 37 3a 33 32 3a 30 30 20 20 Data Ascii: PNGIHDR\|tEXtSoftwareAdobe ImageReadyqe<diTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	60253	111.45.3.198	443	4068	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:38:13 UTC	416	OUT	GET /hm.js?f77310fb1e9bd277ac94694a069bd4e9 HTTP/1.1 Host: hm.baidu.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: HMACCOUNT_BFESS=F23A71B5E5FEC086
2024-10-29 14:38:14 UTC	194	IN	HTTP/1.1 200 OK Content-Length: 0 Date: Tue, 29 Oct 2024 14:38:14 GMT Server: apache Strict-Transport-Security: max-age=172800 Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.8	60261	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:00 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:00 UTC	561	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:00 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 28 Oct 2024 13:23:36 GMT ETag: "0x8DCF753BAA1B278" x-ms-request-id: 174434da-801e-0015-686a-29f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143900Z-17fbfdc98bbtf4jxpev5grnmyw00000006y00000000015mm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:00 UTC	15823	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-29 14:39:00 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <S T="1" F="0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L>
2024-10-29 14:39:00 UTC	16384	IN	Data Raw: 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d Data Ascii: <S T="3" /> </T> <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 6e 74 73 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a Data Ascii: nts" /> </C> <C T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" />
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: </S> <C T="U32" I="0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32"
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 Data Ascii: _Count"> <C> <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 Data Ascii: <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3"
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 Data Ascii: </L> <R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: T="B" /> </R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" />
2024-10-29 14:39:01 UTC	16384	IN	Data Raw: 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: O> </F> <F T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.8	60263	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:02 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	584	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:02 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 85f3058c-201e-00aa-6c2c-283928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143902Z-r1755647c66hbclz9tgqkaxg2w000000085g00000000a681 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.8	60267	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:02 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:02 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 63125a57-c01e-0046-4226-262db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143902Z-r1755647c66bdj57qqnd8h5hp800000007bg000000005xz8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.8	60264	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:02 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:02 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 9a0790d9-e01e-0052-7cad-26d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143902Z-17fbfdc98bb5d4fn785en176rg00000006n0000000009pah x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.8	60265	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:02 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	584	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:02 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 834668b8-301e-0052-121c-2765d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143902Z-17fbfdc98bbzsht4r5d3e0kyc000000005zg000000002swr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.8	60266	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:03 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	584	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:03 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c4ab37c7-901e-002a-3417-267a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143903Z-17fbfdc98bb2rxf2hfvcfz540000000004n0000000007mvw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.8	60269	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:03 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:03 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 7b93b929-d01e-0082-6676-27e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143903Z-17fbfdc98bb2cvg4m0cmab3ecw00000005a000000000b44m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.8	60270	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:03 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:03 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: bbf1142f-f01e-0085-589b-2788ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143903Z-17fbfdc98bbtwz55a8v24wfkdw00000007vg000000005y9s x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.8	60271	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:03 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:03 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 633f9008-101e-00a2-3e9b-279f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143903Z-17fbfdc98bb2cvg4m0cmab3ecw00000005fg0000000029yu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.8	60272	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:03 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:03 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:03 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 8abc48b9-201e-0096-2f4f-28ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143903Z-r1755647c66pzcrw3ktqe96x2s00000007w0000000009v9g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:03 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.8	60273	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:04 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:04 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:04 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: d6813257-101e-0034-034f-2896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143904Z-17fbfdc98bb8lw78ye6qppf97g000000074000000000a0k1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:04 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.8	60274	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:04 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:04 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:04 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: f66eff46-601e-0084-3c9d-276b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143904Z-r1755647c66vxbtprd2g591tyg000000066g00000000cgr3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:04 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.8	60276	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:04 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:04 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: b526e42e-401e-005b-10a3-269c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143904Z-17fbfdc98bbtf4jxpev5grnmyw00000006y00000000015sw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.8	60275	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:04 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 13862abc-a01e-0053-5aa2-218603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143904Z-r1755647c66hbclz9tgqkaxg2w000000084g00000000aegp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.8	60277	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:04 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:04 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: f6d6c722-a01e-00ab-371c-289106000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143904Z-17fbfdc98bb5d4fn785en176rg00000006ug0000000001yv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.8	60279	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:05 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:05 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: abb1733e-f01e-005d-6a3c-2813ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143905Z-17fbfdc98bbvvplhck7mbap4bw0000000890000000009kcy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:05 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.8	60280	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:05 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:05 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 898be286-601e-003d-2804-276f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143905Z-17fbfdc98bbh7l5skzh3rekksc000000083g000000004hgx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:05 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.8	60281	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:05 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:05 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:05 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 77b1f39f-101e-0079-106b-275913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143905Z-r1755647c66xdwzbrg67s9avs4000000076000000000404g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:05 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.8	60282	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:05 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:05 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:05 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 9a09e836-e01e-0052-3cae-26d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143905Z-r1755647c66f4bf880huw27dwc0000000810000000008q6r x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.8	60283	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:05 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:05 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:05 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 214ea441-b01e-00ab-0e9b-27dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143905Z-17fbfdc98bb9xxzfyggrfrbqmw0000000610000000003nvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 14:39:05 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.8	60284	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:05 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:06 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: bb58e6ef-e01e-000c-4187-288e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143906Z-r1755647c66vkwr5neys93e0h4000000063g00000000bg62 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:06 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.8	60285	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:06 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:06 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: bfc21b6c-401e-0067-2636-2809c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143906Z-17fbfdc98bbtf4jxpev5grnmyw00000006ug0000000087vg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:06 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.8	60286	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:06 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:06 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:06 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 338c7fbe-d01e-0028-7d3c-287896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143906Z-r1755647c665dwkwce4e7gadz000000007mg000000000bmy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:06 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.8	60287	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:06 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:06 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:06 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: faf669f2-101e-0065-23a4-264088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143906Z-r1755647c66t77qv3m6k1gb3zw00000006d0000000002su0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:06 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.8	60288	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:06 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:06 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:06 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: de33ccc9-c01e-008e-25fe-267381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143906Z-17fbfdc98bbds27mnhu6ftg4d8000000050g000000009f6t x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:06 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.8	60289	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:06 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:06 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 67fffc2c-401e-000a-5dae-264a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143906Z-r1755647c66ldhdjeavapf4fd000000006t0000000003pc4 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:07 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.8	60290	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:07 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:07 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 54a08b66-801e-008f-529b-272c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143907Z-r1755647c66mrgwz6d897uymaw00000000eg000000008pkr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 14:39:07 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.8	60291	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:07 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 546431bf-201e-0085-0b72-2734e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143907Z-17fbfdc98bbnvkgdqtwd2nmyz800000005m0000000009adt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.8	60293	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:07 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:07 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 1089ebf2-001e-0028-530d-27c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143907Z-r1755647c66t77qv3m6k1gb3zw00000006bg000000005wg9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 14:39:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.8	60294	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:08 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:08 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: ae9ca414-101e-008d-470d-2692e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143908Z-17fbfdc98bb5d4fn785en176rg00000006q0000000008rwg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:08 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.8	60292	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:08 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:08 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:08 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 08308beb-701e-001e-43b0-26f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143908Z-r1755647c66z4xgb5rng8h32e800000005s0000000000sf9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:08 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.8	60295	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:08 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:08 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 8e3eac93-d01e-0017-759c-27b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143908Z-r1755647c66mmrln9nsykf75u800000005s0000000008u86 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:08 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.8	60296	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:08 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: cbc8156d-001e-0079-70f5-2512e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143908Z-r1755647c666qwwlm3r555dyqc00000006xg000000005eya x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.8	60297	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:08 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:08 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:08 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: c9fe3c14-601e-0050-50d7-262c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143908Z-r1755647c66t77qv3m6k1gb3zw000000069000000000a53n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:08 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.8	60298	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:08 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 14:39:09 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 14:39:08 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 01fc617d-601e-000d-05a4-262618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T143908Z-17fbfdc98bblzxqcphe71tp4qw00000002400000000030g1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 14:39:09 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.8	60299	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:09 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.8	60300	13.107.253.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 14:39:09 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6152, Parent PID: 4184

General

Target ID:	0
Start time:	10:37:38
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4068, Parent PID: 6152

General

Target ID:	2
Start time:	10:37:43
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,7651591374068356554,12617634830173413571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3672, Parent PID: 4184

General

Target ID:	3
Start time:	10:37:45
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.lodop.net/"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.lodop.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Windows Analysis Report
https://www.lodop.net/